-
Notifications
You must be signed in to change notification settings - Fork 654
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1672: Make `uname` always safe r=asomers a=koute Currently `uname` doesn't check for errors and just blindly assumes that it always succeeds. According to the manpage this function can fail, even though no actual errors are defined: ``` RETURN VALUE Upon successful completion, a non-negative value shall be returned. Otherwise, -1 shall be returned and errno set to indicate the error. ERRORS No errors are defined. The following sections are informative. ``` Looking at [the glibc's sources](https://github.com/bminor/glibc/blob/b92a49359f33a461db080a33940d73f47c756126/posix/uname.c#L29) we can see that it indeed could fail if the internal `gethostname` call fails for some reason. This code also assumes that every field of `utsname` is going to be initialized by the call to `uname`, which apparently is also not true. Even though the interface doesn't expose this field so it's not a problem in practice (although it might be UB since we do call `assume_init` on the whole struct) [the `utsname` does have a `domainname` field](https://docs.rs/libc/0.2.119/libc/struct.utsname.html) which glibc doesn't initialize. The code also assumes that every field is a valid UTF-8 string, which is also technically not guaranteed. The code also assumes that every field will be null terminated, which might not be true if any of the strings are too long (since glibc uses `strncpy` which will *not* null-terminate the string if it ends up running out of space). This PR should fix all of these problems. This is a breaking change. Co-authored-by: Jan Bujak <jan@parity.io>
- Loading branch information
Showing
4 changed files
with
50 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,75 +1,77 @@ | ||
//! Get system identification | ||
use std::mem; | ||
use libc::{self, c_char}; | ||
use std::ffi::CStr; | ||
use std::str::from_utf8_unchecked; | ||
use std::os::unix::ffi::OsStrExt; | ||
use std::ffi::OsStr; | ||
use libc::c_char; | ||
use crate::{Errno, Result}; | ||
|
||
/// Describes the running system. Return type of [`uname`]. | ||
#[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)] | ||
#[repr(transparent)] | ||
pub struct UtsName(libc::utsname); | ||
|
||
impl UtsName { | ||
/// Name of the operating system implementation | ||
pub fn sysname(&self) -> &str { | ||
to_str(&(&self.0.sysname as *const c_char ) as *const *const c_char) | ||
/// Name of the operating system implementation. | ||
pub fn sysname(&self) -> &OsStr { | ||
cast_and_trim(&self.0.sysname) | ||
} | ||
|
||
/// Network name of this machine. | ||
pub fn nodename(&self) -> &str { | ||
to_str(&(&self.0.nodename as *const c_char ) as *const *const c_char) | ||
pub fn nodename(&self) -> &OsStr { | ||
cast_and_trim(&self.0.nodename) | ||
} | ||
|
||
/// Release level of the operating system. | ||
pub fn release(&self) -> &str { | ||
to_str(&(&self.0.release as *const c_char ) as *const *const c_char) | ||
pub fn release(&self) -> &OsStr { | ||
cast_and_trim(&self.0.release) | ||
} | ||
|
||
/// Version level of the operating system. | ||
pub fn version(&self) -> &str { | ||
to_str(&(&self.0.version as *const c_char ) as *const *const c_char) | ||
pub fn version(&self) -> &OsStr { | ||
cast_and_trim(&self.0.version) | ||
} | ||
|
||
/// Machine hardware platform. | ||
pub fn machine(&self) -> &str { | ||
to_str(&(&self.0.machine as *const c_char ) as *const *const c_char) | ||
pub fn machine(&self) -> &OsStr { | ||
cast_and_trim(&self.0.machine) | ||
} | ||
} | ||
|
||
/// Get system identification | ||
pub fn uname() -> UtsName { | ||
pub fn uname() -> Result<UtsName> { | ||
unsafe { | ||
let mut ret = mem::MaybeUninit::uninit(); | ||
libc::uname(ret.as_mut_ptr()); | ||
UtsName(ret.assume_init()) | ||
let mut ret = mem::MaybeUninit::zeroed(); | ||
Errno::result(libc::uname(ret.as_mut_ptr()))?; | ||
Ok(UtsName(ret.assume_init())) | ||
} | ||
} | ||
|
||
#[inline] | ||
fn to_str<'a>(s: *const *const c_char) -> &'a str { | ||
unsafe { | ||
let res = CStr::from_ptr(*s).to_bytes(); | ||
from_utf8_unchecked(res) | ||
} | ||
fn cast_and_trim(slice: &[c_char]) -> &OsStr { | ||
let length = slice.iter().position(|&byte| byte == 0).unwrap_or(slice.len()); | ||
let bytes = unsafe { | ||
std::slice::from_raw_parts(slice.as_ptr().cast(), length) | ||
}; | ||
|
||
OsStr::from_bytes(bytes) | ||
} | ||
|
||
#[cfg(test)] | ||
mod test { | ||
#[cfg(target_os = "linux")] | ||
#[test] | ||
pub fn test_uname_linux() { | ||
assert_eq!(super::uname().sysname(), "Linux"); | ||
assert_eq!(super::uname().unwrap().sysname(), "Linux"); | ||
} | ||
|
||
#[cfg(any(target_os = "macos", target_os = "ios"))] | ||
#[test] | ||
pub fn test_uname_darwin() { | ||
assert_eq!(super::uname().sysname(), "Darwin"); | ||
assert_eq!(super::uname().unwrap().sysname(), "Darwin"); | ||
} | ||
|
||
#[cfg(target_os = "freebsd")] | ||
#[test] | ||
pub fn test_uname_freebsd() { | ||
assert_eq!(super::uname().sysname(), "FreeBSD"); | ||
assert_eq!(super::uname().unwrap().sysname(), "FreeBSD"); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters