correct formatting

This commit is contained in:
Huzaifa Sidhpurwala 2021-09-18 10:50:43 +05:30
parent f378dc0a3d
commit bce3587ece
2 changed files with 15 additions and 14 deletions


@ -3,7 +3,8 @@
[[appe-Defensive_Coding-Revision_History]]
= Revision History
`1.6`:: Oct 26 2020, Huzaifa Sidhpuwala (huzaifas@redhat.com)
`1.6`:: Mon Oct 26 2020, Huzaifa Sidhpuwala (huzaifas@redhat.com)
* Add section on misuse of Macros - wmealing@redhat.com
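Review bot: the rewritten `1.6` line still misspells the author's surname as "Sidhpuwala" while the commit author line reads "Sidhpurwala"; since this hunk already rewrites that line to add the weekday, fix the name in the same change: `1.6`:: Mon Oct 26 2020, Huzaifa Sidhpurwala (huzaifas@redhat.com). The weekday itself is correct (26 Oct 2020 was a Monday).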


@ -288,20 +288,20 @@ them to find out what the length actually means.
=== Using tricky syscalls or library functions
==== `readlink`
This is the hardest system call to use correctly because of everything you have to do:
* [option] The buf should be of PATH_MAX length, that includes space for the terminating NUL character.
* [option] The bufsize should be `sizeof(buf) - 1`
* [option] readlink return value should be caught as a signed integer (ideally type `ssize_t`).
* [option] It should be checked for < 0 for indication of errors.
* [option] The caller needs to '\0' -terminate the buffer using the returned value as an index.
This is the hardest system call to use correctly because of everything you have to do
* The buf should be of PATH_MAX length, that includes space for the terminating NUL character.
* The bufsize should be `sizeof(buf) - 1`
* `readlink` return value should be caught as a signed integer (ideally type `ssize_t`).
* It should be checked for < 0 for indication of errors.
* The caller needs to '\0' -terminate the buffer using the returned value as an index.
=== `chroot`
* [option] Target dir should be writable only by root (this implies owned by).
* [option] Must call `chdir` immediately after chroot or you are not really in the changed root.
==== `chroot`
* Target dir should be writable only by root (this implies owned by).
* Must call `chdir` immediately after chroot or you are not really in the changed root.
=== `stat`, `lstat`, `fstatat`
* [option] These functions have an inherent race in that you operate on the path name which could change in the mean time. Using fstat is recommended when stat is used.
* [option] If `S_ISLNK` macro is used, the stat buffer MUST come from lstat or from fstatat with `AT_SYMLINK_NOFOLLOW`
* [option] If you are doing something really important, call fstat after opening and compare the before and after stat buffers before trusting them.
==== `stat`, `lstat`, `fstatat`
* These functions have an inherent race in that you operate on the path name which could change in the mean time. Using fstat is recommended when stat is used.
* If `S_ISLNK` macro is used, the stat buffer MUST come from lstat or from fstatat with `AT_SYMLINK_NOFOLLOW`
* If you are doing something really important, call fstat after opening and compare the before and after stat buffers before trusting them.
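Review bot: the `readlink` bullets keep the error check but still omit the truncation check: `readlink` does not NUL-terminate and silently truncates, so a return value equal to `bufsize` means the link target may have been cut off and must be rejected, not terminated and used. Add a bullet beside "It should be checked for < 0 for indication of errors" saying the result must also be checked for `== bufsize`. In the `chroot` bullets, "Must call `chdir` immediately after chroot" should name the target, `chdir("/")`, since the point is to move the working directory inside the new root. In the `stat` bullets, "Using fstat is recommended when stat is used" reads ambiguously and should say to prefer `fstat` on an already-open descriptor over `stat` on a path, and "compare the before and after stat buffers" should name the fields to compare (`st_dev` and `st_ino`), because a whole-struct comparison fails on fields such as `st_atime` that change between the two calls. The `===` to `====` heading change is right: it nests `chroot` and `stat` under "Using tricky syscalls or library functions" alongside `readlink`.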