diff options
| author | ed <ed@FreeBSD.org> | 2008-11-28 14:53:18 +0000 |
|---|---|---|
| committer | ed <ed@FreeBSD.org> | 2008-11-28 14:53:18 +0000 |
| commit | 355c41a8e48601f9e19f011a64e3cb986af33aa4 (patch) | |
| tree | f93c257952f43a73f17053d684db065d84477f94 /sys/kern/uipc_mqueue.c | |
| parent | 1cc2f596995101fb27c77ad53e77624d4f49a230 (diff) | |
| download | FreeBSD-src-355c41a8e48601f9e19f011a64e3cb986af33aa4.zip FreeBSD-src-355c41a8e48601f9e19f011a64e3cb986af33aa4.tar.gz | |
Fix matching of message queues by name.
The mqfs_search() routine uses strncmp() to match message queue objects
by name. This is because it can be called from environments where the
file name is not null terminated (the VFS for example).
Unfortunately it doesn't compare the lengths of the message queue names,
which means if a system has "Queue12345", the name "Queue" will also
match.
I noticed this when a student of mine handed in an exercise using
message queues with names "Queue2" and "Queue".
Reviewed by: rink
Diffstat (limited to 'sys/kern/uipc_mqueue.c')
| -rw-r--r-- | sys/kern/uipc_mqueue.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c index 0ac60d0..451f5c2 100644 --- a/sys/kern/uipc_mqueue.c +++ b/sys/kern/uipc_mqueue.c @@ -793,7 +793,8 @@ mqfs_search(struct mqfs_node *pd, const char *name, int len) sx_assert(&pd->mn_info->mi_lock, SX_LOCKED); LIST_FOREACH(pn, &pd->mn_children, mn_sibling) { - if (strncmp(pn->mn_name, name, len) == 0) + if (strncmp(pn->mn_name, name, len) == 0 && + pn->mn_name[len] == '\0') return (pn); } return (NULL); |
