[systemd-devel] [PATCH] sd-bus: fix potential UB in bus_socket_auth_verify_client()

Lennart Poettering mzqohf at 0pointer.de
Thu May 14 02:34:26 PDT 2015

On Wed, 13.05.15 19:16, Cristian Rodríguez (crrodriguez at opensuse.org) wrote:

> When built with GCC undefined behaviour sanitizer the following problem
> surfaces:
> src/libsystemd/sd-bus/bus-socket.c:180:11: runtime error: null pointer
> passed as argument 1, which is declared to never be null
> Indeed, calling memmem where b->rbuffer == NULL is undefined
> behaviour.

Ah, well, the implementation of memmem() in glibc actually doesn't
have this limitation, only the prototype declares it. That's annoying.

> Fix that by returning if rbuffer is null or rbuffer_size < 2

I have now applied a different fix: memmem_safe() is to memmem() what
qsort_safe() is to qsort(): a small wrapper that allows NULL pointers
to be specified for zero-length buffers. I think this is the better
option here, I hope that makes sense,


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list