1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 01:37:36 +00:00

Everywhere: Explicitly specify the size in StringView constructors

This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).
This commit is contained in:
sin-ack 2022-07-11 19:53:29 +00:00 committed by Andreas Kling
parent e3da0adfe6
commit c70f45ff44
75 changed files with 264 additions and 203 deletions

View file

@ -40,7 +40,7 @@ static String get_salt()
static Vector<gid_t> get_extra_gids(passwd const& pwd)
{
StringView username { pwd.pw_name };
StringView username { pwd.pw_name, strlen(pwd.pw_name) };
Vector<gid_t> extra_gids;
setgrent();
for (auto* group = getgrent(); group; group = getgrent()) {
@ -78,7 +78,7 @@ ErrorOr<Account> Account::self([[maybe_unused]] Read options)
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -90,14 +90,14 @@ ErrorOr<Account> Account::self([[maybe_unused]] Read options)
ErrorOr<Account> Account::from_name(char const* username, [[maybe_unused]] Read options)
{
auto pwd = TRY(Core::System::getpwnam(username));
auto pwd = TRY(Core::System::getpwnam({ username, strlen(username) }));
if (!pwd.has_value())
return Error::from_string_literal("No such user"sv);
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -115,7 +115,7 @@ ErrorOr<Account> Account::from_uid(uid_t uid, [[maybe_unused]] Read options)
spwd spwd = {};
#ifndef AK_OS_BSD_GENERIC
if (options != Read::PasswdOnly) {
auto maybe_spwd = TRY(Core::System::getspnam(pwd->pw_name));
auto maybe_spwd = TRY(Core::System::getspnam({ pwd->pw_name, strlen(pwd->pw_name) }));
if (!maybe_spwd.has_value())
return Error::from_string_literal("No shadow entry for user"sv);
spwd = maybe_spwd.release_value();
@ -270,18 +270,22 @@ ErrorOr<void> Account::sync()
auto new_shadow_file_content = TRY(generate_shadow_file());
#endif
// FIXME: mkstemp taking Span<char> makes this code entirely un-AKable.
// Make this code less char-pointery.
char new_passwd_name[] = "/etc/passwd.XXXXXX";
size_t new_passwd_name_length = strlen(new_passwd_name);
#ifndef AK_OS_BSD_GENERIC
char new_shadow_name[] = "/etc/shadow.XXXXXX";
size_t new_shadow_name_length = strlen(new_shadow_name);
#endif
{
auto new_passwd_fd = TRY(Core::System::mkstemp(new_passwd_name));
auto new_passwd_fd = TRY(Core::System::mkstemp({ new_passwd_name, new_passwd_name_length }));
ScopeGuard new_passwd_fd_guard = [new_passwd_fd] { close(new_passwd_fd); };
TRY(Core::System::fchmod(new_passwd_fd, 0644));
#ifndef AK_OS_BSD_GENERIC
auto new_shadow_fd = TRY(Core::System::mkstemp(new_shadow_name));
auto new_shadow_fd = TRY(Core::System::mkstemp({ new_shadow_name, new_shadow_name_length }));
ScopeGuard new_shadow_fd_guard = [new_shadow_fd] { close(new_shadow_fd); };
TRY(Core::System::fchmod(new_shadow_fd, 0600));
#endif
@ -295,9 +299,9 @@ ErrorOr<void> Account::sync()
#endif
}
TRY(Core::System::rename(new_passwd_name, "/etc/passwd"));
TRY(Core::System::rename({ new_passwd_name, new_passwd_name_length }, "/etc/passwd"sv));
#ifndef AK_OS_BSD_GENERIC
TRY(Core::System::rename(new_shadow_name, "/etc/shadow"));
TRY(Core::System::rename({ new_shadow_name, new_shadow_name_length }, "/etc/shadow"sv));
#endif
return {};