Jonathan Nieder <jrnieder@xxxxxxxxx> writes:
> Hi,
>
> David Turner wrote:
>
>> If the full hostname doesn't fit in the buffer supplied to
>> gethostname, POSIX does not specify whether the buffer will be
>> null-terminated, so to be safe, we should do it ourselves. Introduce
>> new function, xgethostname, which ensures that there is always a \0
>> at the end of the buffer.
>
> I think we should detect the error instead of truncating the hostname.
> That (on top of your patch) would look like the following.
>
> Thoughts?
> Jonathan
>
> diff --git i/wrapper.c w/wrapper.c
> index d837417709..e218bd3bef 100644
> --- i/wrapper.c
> +++ w/wrapper.c
> @@ -660,11 +660,13 @@ int xgethostname(char *buf, size_t len)
> {
> /*
> * If the full hostname doesn't fit in buf, POSIX does not
> - * specify whether the buffer will be null-terminated, so to
> - * be safe, do it ourselves.
> + * guarantee that an error will be returned. Check for ourselves
> + * to be safe.
> */
> int ret = gethostname(buf, len);
> - if (!ret)
> - buf[len - 1] = 0;
> + if (!ret && !memchr(buf, 0, len)) {
> + errno = ENAMETOOLONG;
> + return -1;
> + }
Hmmmm. "Does not specify if the buffer will be NUL-terminated"
would mean that it is OK for the platform gethostname() to stuff
sizeof(buf)-1 first bytes of the hostname in the buffer and then
truncate by placing '\0' at the end of the buf, and we would not
notice truncation with the above change on such a platform, no?