ndt-dev - [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly
Subject: NDT-DEV email list created
List archive
[ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly
Chronological Thread
- From:
- To:
- Subject: [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly
- Date: Sat, 08 Feb 2014 01:38:07 +0000
Comment #4 on issue 109 by : C client does not check the version compatibility correctly
http://code.google.com/p/ndt/issues/detail?id=109
I see a couple of issues with this,
The main issue is that strncpy() doesn't null terminate the string if the string is longer than the allowed size. This means the comparison is actually being made on random memory and will be incorrect and could cause a segfault.
While unlikely, a check to ensure that 'buff' is long enough needs to be done before &buff[strlen(buff) - 6] otherwise this could result in a negative index resulting in similar issues.
Also "web100" should be have a capital 'w' i.e. should be "Web100" in the comparison see the definition TCP_STAT_NAME here https://code.google.com/p/ndt/source/browse/trunk/src/web100srv.h#299.
This could be rewritten as following to avoid strncpy() and the other issues as well as duplicated code. I've tested this against the following servers 3.6.6-rc1-Web10G, 3.6.6-rc1-Web100 and 3.6.5.2.
ServerType = "Web100";
if (strlen(buff) > 8) { // 7 (+ 1 for the 'v' at the start)
// Since the addition of Web10G the server will append -Web10X
// We remove this before comparing versions
if (strcmp(&buff[strlen(buff) - 7], "-Web10G") == 0) {
ServerType = "Web10G";
buff[strlen(buff) - 7] = '\0';
}
if (strcmp(&buff[strlen(buff) - 7], "-Web100") == 0) {
buff[strlen(buff) - 7] = '\0';
}
}
if (strcmp(&buff[1], VERSION)) {
log_println(1, "WARNING: NDT server has different version number (%s)",
&buff[1]);
}
--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
- [ndt-dev] Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/07/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/07/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/07/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/07/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/07/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/10/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/10/2014
- [ndt-dev] Re: Issue 109 in ndt: C client does not check the version compatibility correctly, ndt, 02/10/2014
Archive powered by MHonArc 2.6.16.