mirror of https://github.com/RGBCube/serenity synced 2025-07-27 09:17:35 +00:00

Everywhere: Explicitly specify the size in StringView constructors

This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
sin-ack 2022-07-11 19:53:29 +00:00 committed by Andreas Kling
parent e3da0adfe6
commit c70f45ff44
75 changed files with 264 additions and 203 deletions


@ -40,7 +40,7 @@ static String get_salt()
static Vector<gid_t> get_extra_gids(passwd const& pwd)
{
StringView username { pwd.pw_name };
StringView username { pwd.pw_name, strlen(pwd.pw_name) };
Vector<gid_t> extra_gids;
setgrent();
for (auto* group = getgrent(); group; group = getgrent()) {
@ -78,7 +78,7 @@ ErrorOr<Account> Account::self([[maybe_unused]] Read options)
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -90,14 +90,14 @@ ErrorOr<Account> Account::self([[maybe_unused]] Read options)
ErrorOr<Account> Account::from_name(char const* username, [[maybe_unused]] Read options)
{
auto pwd = TRY(Core::System::getpwnam(username));
auto pwd = TRY(Core::System::getpwnam({ username, strlen(username) }));
if (!pwd.has_value())
return Error::from_string_literal("No such user"sv);
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -115,7 +115,7 @@ ErrorOr<Account> Account::from_uid(uid_t uid, [[maybe_unused]] Read options)
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -270,18 +270,22 @@ ErrorOr<void> Account::sync()
auto new_shadow_file_content = TRY(generate_shadow_file());
#endif
// FIXME: mkstemp taking Span<char> makes this code entirely un-AKable.
// Make this code less char-pointery.
char new_passwd_name[] = "/etc/passwd.XXXXXX";
size_t new_passwd_name_length = strlen(new_passwd_name);
#ifndef AK_OS_BSD_GENERIC
char new_shadow_name[] = "/etc/shadow.XXXXXX";
size_t new_shadow_name_length = strlen(new_shadow_name);
#endif
{
auto new_passwd_fd = TRY(Core::System::mkstemp(new_passwd_name));
auto new_passwd_fd = TRY(Core::System::mkstemp({ new_passwd_name, new_passwd_name_length }));
ScopeGuard new_passwd_fd_guard = [new_passwd_fd] { close(new_passwd_fd); };
TRY(Core::System::fchmod(new_passwd_fd, 0644));
#ifndef AK_OS_BSD_GENERIC
auto new_shadow_fd = TRY(Core::System::mkstemp(new_shadow_name));
auto new_shadow_fd = TRY(Core::System::mkstemp({ new_shadow_name, new_shadow_name_length }));
ScopeGuard new_shadow_fd_guard = [new_shadow_fd] { close(new_shadow_fd); };
TRY(Core::System::fchmod(new_shadow_fd, 0600));
#endif
@ -295,9 +299,9 @@ ErrorOr<void> Account::sync()
#endif
}
TRY(Core::System::rename(new_passwd_name, "/etc/passwd"));
TRY(Core::System::rename({ new_passwd_name, new_passwd_name_length }, "/etc/passwd"sv));
#ifndef AK_OS_BSD_GENERIC
TRY(Core::System::rename(new_shadow_name, "/etc/shadow"));
TRY(Core::System::rename({ new_shadow_name, new_shadow_name_length }, "/etc/shadow"sv));
#endif
return {};
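Review bot: The lengths cached in `new_passwd_name_length` and `new_shadow_name_length` in Account::sync() are computed before mkstemp() rewrites the template buffers, and nothing says why they are still valid when reused for rename(). They remain correct only because mkstemp() replaces the `XXXXXX` suffix in place without changing the string length; I would add `// mkstemp() fills in the XXXXXX suffix in place, so the length computed above stays valid.` above the first mkstemp call. Since both buffers are arrays, `sizeof(new_passwd_name) - 1` would give the same value without a runtime strlen. Account::sync() starts and ends outside these hunks.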


@ -129,7 +129,7 @@ bool ArgsParser::parse(int argc, char* const* argv, FailureBehavior failure_beha
}
if (m_perform_autocomplete) {
autocomplete(stdout, argv[0], Span<char const* const> { argv + optind, static_cast<size_t>(argc - optind) });
autocomplete(stdout, { argv[0], strlen(argv[0]) }, Span<char const* const> { argv + optind, static_cast<size_t>(argc - optind) });
if (failure_behavior == FailureBehavior::Exit || failure_behavior == FailureBehavior::PrintUsageAndExit)
exit(0);
return false;
@ -445,7 +445,7 @@ void ArgsParser::add_option(StringView& value, char const* help_string, char con
short_name,
value_name,
[&value](char const* s) {
value = s;
value = { s, strlen(s) };
return true;
},
hide_mode,
@ -462,7 +462,7 @@ void ArgsParser::add_option(int& value, char const* help_string, char const* lon
short_name,
value_name,
[&value](char const* s) {
auto opt = StringView(s).to_int();
auto opt = StringView { s, strlen(s) }.to_int();
value = opt.value_or(0);
return opt.has_value();
},
@ -480,7 +480,7 @@ void ArgsParser::add_option(unsigned& value, char const* help_string, char const
short_name,
value_name,
[&value](char const* s) {
auto opt = StringView(s).to_uint();
auto opt = StringView { s, strlen(s) }.to_uint();
value = opt.value_or(0);
return opt.has_value();
},
@ -533,7 +533,7 @@ void ArgsParser::add_option(Optional<size_t>& value, char const* help_string, ch
short_name,
value_name,
[&value](char const* s) {
value = AK::StringUtils::convert_to_uint<size_t>(s);
value = AK::StringUtils::convert_to_uint<size_t>({ s, strlen(s) });
return value.has_value();
},
hide_mode,
@ -552,7 +552,7 @@ void ArgsParser::add_option(Vector<size_t>& values, char const* help_string, cha
[&values, separator](char const* s) {
bool parsed_all_values = true;
StringView { s }.for_each_split_view(separator, false, [&](auto value) {
StringView { s, strlen(s) }.for_each_split_view(separator, false, [&](auto value) {
if (auto maybe_value = AK::StringUtils::convert_to_uint<size_t>(value); maybe_value.has_value())
values.append(*maybe_value);
else
@ -610,7 +610,7 @@ void ArgsParser::add_positional_argument(StringView& value, char const* help_str
required == Required::Yes ? 1 : 0,
1,
[&value](char const* s) {
value = s;
value = { s, strlen(s) };
return true;
}
};
@ -625,7 +625,7 @@ void ArgsParser::add_positional_argument(int& value, char const* help_string, ch
required == Required::Yes ? 1 : 0,
1,
[&value](char const* s) {
auto opt = StringView(s).to_int();
auto opt = StringView { s, strlen(s) }.to_int();
value = opt.value_or(0);
return opt.has_value();
}
@ -641,7 +641,7 @@ void ArgsParser::add_positional_argument(unsigned& value, char const* help_strin
required == Required::Yes ? 1 : 0,
1,
[&value](char const* s) {
auto opt = StringView(s).to_uint();
auto opt = StringView { s, strlen(s) }.to_uint();
value = opt.value_or(0);
return opt.has_value();
}
@ -703,7 +703,7 @@ void ArgsParser::add_positional_argument(Vector<StringView>& values, char const*
required == Required::Yes ? 1 : 0,
INT_MAX,
[&values](char const* s) {
values.append(s);
values.append({ s, strlen(s) });
return true;
}
};
@ -723,7 +723,7 @@ void ArgsParser::autocomplete(FILE* file, StringView program_name, Span<char con
auto completing_option = false;
for (auto& arg : remaining_arguments) {
StringView argument { arg };
StringView argument { arg, strlen(arg) };
completing_option = false;
if (skip_next) {
@ -754,7 +754,7 @@ void ArgsParser::autocomplete(FILE* file, StringView program_name, Span<char con
// Look for a long option
auto option_pattern = argument.substring_view(2);
auto it = m_options.find_if([&](auto& option) { return option.hide_mode != OptionHideMode::None && StringView(option.long_name) == option_pattern; });
auto it = m_options.find_if([&](auto& option) { return option.hide_mode != OptionHideMode::None && StringView { option.long_name, strlen(option.long_name) } == option_pattern; });
if (it.is_end())
continue;
@ -791,7 +791,7 @@ void ArgsParser::autocomplete(FILE* file, StringView program_name, Span<char con
auto write_completion = [&](auto format, auto& option, auto has_invariant, auto... args) {
JsonObject object;
object.set("completion", String::formatted(format, args...));
object.set("completion", String::formatted(StringView { format, strlen(format) }, args...));
object.set("static_offset", 0);
object.set("invariant_offset", has_invariant ? option_to_complete.length() : 0u);
object.set("display_trivia", option.help_string);
@ -805,7 +805,7 @@ void ArgsParser::autocomplete(FILE* file, StringView program_name, Span<char con
for (auto& option : m_options) {
if (option.hide_mode != OptionHideMode::None)
continue;
StringView option_string = option.long_name;
StringView option_string { option.long_name, strlen(option.long_name) };
if (option_string.starts_with(option_pattern)) {
write_completion("--{}", option, true, option_string);
}
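Review bot: In ArgsParser::autocomplete, `strlen(option.long_name)` is now called unconditionally in the find_if predicate and again in the completion loop; if an option registered with only a short name carries a null `long_name` (its declaration is not visible here), both sites dereference null. The pointer-taking StringView constructor being retired may have tolerated null, so this could be a behaviour change rather than a pure refactor and is worth confirming. A guard such as `if (!option.long_name) continue;` in the loop and `option.long_name && ...` in the predicate keeps the explicit-length form safe. The same question applies to `strlen(argv[0])` at the autocomplete call in parse() if a caller can pass an empty argument vector. autocomplete's body extends beyond these hunks.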


@ -250,9 +250,11 @@ String DateTime::to_string(StringView format) const
}
format_time_zone_offset(true);
break;
case 'Z':
builder.append(tzname[daylight]);
case 'Z': {
auto const* timezone_name = tzname[daylight];
builder.append({ timezone_name, strlen(timezone_name) });
break;
}
case '%':
builder.append('%');
break;


@ -83,7 +83,7 @@ static String canonicalize_path(String path)
return LexicalPath::canonicalized_path(move(path));
char* cwd = getcwd(nullptr, 0);
VERIFY(cwd);
return LexicalPath::join(cwd, move(path)).string();
return LexicalPath::join({ cwd, strlen(cwd) }, move(path)).string();
}
ErrorOr<bool> FileWatcherBase::add_watch(String path, FileWatcherEvent::Type event_mask)
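Review bot: The buffer returned by `getcwd(nullptr, 0)` in canonicalize_path is allocated by libc and is not freed on the visible lines, so each call that reaches this path appears to leak it; the new `{ cwd, strlen(cwd) }` view only borrows the pointer. Build the result first and release the buffer before returning: `auto joined = LexicalPath::join({ cwd, strlen(cwd) }, move(path)).string();` then `free(cwd);` and `return joined;`. The start of canonicalize_path is outside the hunk.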


@ -970,7 +970,8 @@ ErrorOr<void> exec(StringView filename, Span<StringView> arguments, SearchInPath
};
if (search_in_path == SearchInPath::Yes && !filename.contains('/')) {
StringView path = getenv("PATH");
auto const* path_ptr = getenv("PATH");
StringView path { path_ptr, strlen(path_ptr) };
if (path.is_empty())
path = "/bin:/usr/bin";
auto parts = path.split_view(':');
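Review bot: `strlen(path_ptr)` in exec() runs before any null check, and getenv("PATH") returns a null pointer when the variable is unset, so the fallback to `/bin:/usr/bin` just below is never reached in that case and the call faults instead. Guard the length, e.g. `StringView path { path_ptr, path_ptr ? strlen(path_ptr) : 0 };`, so the existing `is_empty()` branch covers both an unset and an empty PATH. The fallback assignment `path = "/bin:/usr/bin";` also still relies on the pointer-taking constructor this commit is retiring; `"/bin:/usr/bin"sv` would match the rest of the change. exec() continues outside the hunk.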


@ -23,7 +23,7 @@ static void parse_sockets_from_system_server()
return;
}
for (auto& socket : StringView(sockets).split_view(' ')) {
for (auto& socket : StringView { sockets, strlen(sockets) }.split_view(' ')) {
auto params = socket.split_view(':');
s_overtaken_sockets.set(params[0].to_string(), strtol(params[1].to_string().characters(), nullptr, 10));
}
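Review bot: `params[1]` in parse_sockets_from_system_server is indexed without checking that the entry actually contained a `:`; a malformed entry yields a one-element vector and an out-of-range access. The `strtol` result is also stored in `s_overtaken_sockets` with no end-pointer or range check, so a non-numeric value silently becomes 0. I would skip bad entries with `if (params.size() != 2) continue;` and parse the number with a checked conversion such as `params[1].to_int()`, rejecting entries that have no value. Where `sockets` comes from is not visible in this hunk, so how far this input is trusted should be confirmed.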