From f378dc0a3d4bcc73dcf99dcd932408e3d357e389 Mon Sep 17 00:00:00 2001 From: Huzaifa Sidhpurwala Date: Sat, 18 Sep 2021 10:42:48 +0530 Subject: [PATCH] Add some C library specific stuff --- .../pages/programming-languages/C-Libc.adoc | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/ROOT/pages/programming-languages/C-Libc.adoc b/modules/ROOT/pages/programming-languages/C-Libc.adoc index 5e2375d..682331a 100644 --- a/modules/ROOT/pages/programming-languages/C-Libc.adoc +++ b/modules/ROOT/pages/programming-languages/C-Libc.adoc 
@@ -285,3 +285,23 @@ libc currently does not implement them. GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means. + +=== Using tricky syscalls or library functions +==== `readlink` +This is the hardest system call to use correctly because of everything you have to do: +* [option] The buf should be of PATH_MAX length, that includes space for the terminating NUL character. +* [option] The bufsize should be `sizeof(buf) - 1` +* [option] readlink return value should be caught as a signed integer (ideally type `ssize_t`). +* [option] It should be checked for < 0 for indication of errors. +* [option] The caller needs to '\0' -terminate the buffer using the returned value as an index. + +=== `chroot` +* [option] Target dir should be writable only by root (this implies owned by). +* [option] Must call `chdir` immediately after chroot or you are not really in the changed root. + +=== `stat`, `lstat`, `fstatat` +* [option] These functions have an inherent race in that you operate on the path name which could change in the mean time. Using fstat is recommended when stat is used. +* [option] If `S_ISLNK` macro is used, the stat buffer MUST come from lstat or from fstatat with `AT_SYMLINK_NOFOLLOW` +* [option] If you are doing something really important, call fstat after opening and compare the before and after stat buffers before trusting them. + +
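Review bot: The `readlink` list in this hunk never tells the reader to check for truncation: `readlink` silently truncates when the buffer is too small, so a return value equal to the `bufsize` passed in means the result may be incomplete and should be treated as an error or retried with a larger buffer. Please add an item for that next to the `< 0` check. Since the text sizes the buffer by `PATH_MAX`, it would also help to state what the caller should do when that case is hit. The heading levels are inconsistent: `==== readlink` is nested under `=== Using tricky syscalls or library functions`, but `=== chroot` and `=== stat, lstat, fstatat` are at the parent's level, so they will render as siblings of the new section rather than as entries in it; both should be `====`. In the `chroot` item, "Must call `chdir` immediately after chroot" does not say where to; name the target explicitly, `chdir("/")`, since that is the call that actually moves the working directory inside the new root. In the `stat` items, "Using fstat is recommended when stat is used" reads as circular; something like "open the file and call `fstat` on the descriptor instead of calling `stat` on the path" states the intent. Minor style points: `PATH_MAX`, `fstat`, `lstat`, `fstatat` and the second `chroot` lack the backticks used for the other identifiers, "The buf" and "The bufsize" should be `buf` and `bufsize`, several items are missing the final period, "This is the hardest system call to use correctly" is a stronger claim than the list supports, and the hunk ends with two added blank lines that can be dropped.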