Date: Fri, 28 Nov 2008 14:53:18 +0000 (UTC) From: Ed Schouten <ed@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r185385 - head/sys/kern Message-ID: <200811281453.mASErIII021767@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ed Date: Fri Nov 28 14:53:18 2008 New Revision: 185385 URL: http://svn.freebsd.org/changeset/base/185385 Log: Fix matching of message queues by name. The mqfs_search() routine uses strncmp() to match message queue objects by name. This is because it can be called from environments where the file name is not null terminated (the VFS for example). Unfortunately it doesn't compare the lengths of the message queue names, which means if a system has "Queue12345", the name "Queue" will also match. I noticed this when a student of mine handed in an exercise using message queues with names "Queue2" and "Queue". Reviewed by: rink Modified: head/sys/kern/uipc_mqueue.c Modified: head/sys/kern/uipc_mqueue.c ============================================================================== --- head/sys/kern/uipc_mqueue.c Fri Nov 28 14:49:26 2008 (r185384) +++ head/sys/kern/uipc_mqueue.c Fri Nov 28 14:53:18 2008 (r185385) @@ -793,7 +793,8 @@ mqfs_search(struct mqfs_node *pd, const sx_assert(&pd->mn_info->mi_lock, SX_LOCKED); LIST_FOREACH(pn, &pd->mn_children, mn_sibling) { - if (strncmp(pn->mn_name, name, len) == 0) + if (strncmp(pn->mn_name, name, len) == 0 && + pn->mn_name[len] == '\0') return (pn); } return (NULL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811281453.mASErIII021767>