Re: [hackers] [sbase] [PATCH 1/5] Remove st != NULL checks from recursor functions

From: Michael Forney <mforney_AT_mforney.org>
Date: Sun, 1 Jan 2017 13:56:56 -0800

On 12/27/16, Laslo Hunhold <dev_AT_frign.de> wrote:
> Hey Michael,
>
>> In the description of 3111908b034c73673a2f079b2b13a88c18379baa, it
>> says that the functions must be able to handle st being NULL, but
>> recurse always passes a valid pointer. The only function that was
>> ever passed NULL was rm(), but this was changed to go through recurse
>> in 2f4ab527391135e651b256f8654b050ea4a48f3d, so now the checks are
>> pointless.
>
> have you tested this patchset extensively? I hate to admit that the
> recursor-subsystem is probably the most fragile part of sbase and
> really need more feedback on these patches by more people (Silvan, have
> you had the chance to test this?).

I have been running with these patches since I posted them to the list
and have not run into any issues.

Here is some analysis that shows that it is safe:

recurse is called in
- chgrp.c with fn = chgrp
- chmod.c with fn = chmodr
- chown.c with fn = chownpwgr
- du.c with fn = du
- mv.c with fn = rm
- rm.c with fn = rm
- tar.c with fn = c

recurse calls fn with `(r->fn)(path, &st, data, r)` (in three
locations) and `(r->fn)(path, &dst, data, r)`. In all cases, st is the
address of a struct st.

chgrp, chmodr, chownpwgr, du, rm, and c are all only called through recurse.

Received on Sun Jan 01 2017 - 22:56:56 CET
