URL:
https://github.com/SSSD/sssd/pull/455
Title: #455: mmap_cache: make checks independent of input size
sumit-bose commented:
"""
I agree this is nitpicking and artificial, but I think strcmp() can run outside the data
table.
If the last slot in the data table is the last of an initgr record with many GIDs for a
user with a short user name, e.g. 'user' and the slot is fully used so that the
user name is at the end of the slot, data_len in the initgr record (which is used for
strs_len in sss_mc_find_record() in this case) will be large and keys much longer than
'user' will pass until the strcmp. If now, due to a corruption, the '0' at
the end of the user name (and the unique name) are replaced by a '-', with a key
like 'user-user-x' strcmp() will read the first byte of the free table when trying
to compare the 'x'. But I agree that even then it would not do any harm because we
are still reading from our own memory.
So I will remove the memchr().
But maybe, since I'm planning to do some changes to the memory cache anyways, it would
make sense to add the name length explicitly to the data records. This would make the checks
and comparison much easier and faster because strncmp() can be used. What do you think?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/455#issuecomment-346855219
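
The idea raised at the end of the comment, storing the name length in the record so the comparison is bounded, sketched as an added example that is not code from the pull request or from SSSD. `struct demo_rec`, `demo_key_matches` and `demo_run` are hypothetical names, the 16-byte table is constructed sample data, and the sketch uses a length check plus `memcmp()` where the comment mentions `strncmp()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout with an explicit name length,
 * as proposed in the comment. Not SSSD's actual struct. */
struct demo_rec {
    uint32_t name_len;   /* bytes in the name, excluding the terminator */
    uint32_t name_off;   /* offset of the name from the table start */
};

/* Returns 1 on match, 0 on mismatch, -1 if the record is inconsistent
 * with the table (treat as corruption). Never reads past table_len. */
int demo_key_matches(const uint8_t *table, size_t table_len,
                     const struct demo_rec *rec, const char *key)
{
    size_t key_len = strlen(key);

    /* The name plus its terminator must lie inside the table. */
    if (rec->name_off >= table_len ||
        rec->name_len >= table_len - rec->name_off)
        return -1;
    /* The terminator must sit exactly where the stored length says. */
    if (table[rec->name_off + rec->name_len] != '\0')
        return -1;
    if (key_len != rec->name_len)
        return 0;
    return memcmp(table + rec->name_off, key, key_len) == 0;
}

/* Constructed sample: "user" plus terminator fills the last 5 bytes
 * of a 16-byte table, so the terminator is the table's final byte. */
int demo_run(int corrupt, const char *key)
{
    uint8_t table[16];
    struct demo_rec rec = { 4, 11 };

    memset(table, 0xAA, sizeof(table));
    memcpy(table + 11, "user", 5);
    if (corrupt)
        table[15] = '-';   /* terminator overwritten, as in the comment */
    return demo_key_matches(table, sizeof(table), &rec, key);
}

int main(void)
{
    printf("%d %d %d\n", demo_run(0, "user"),
           demo_run(0, "user-user-x"), demo_run(1, "user-user-x"));
    return 0;
}
```

With the length stored, the long key is rejected by the length comparison alone, and the overwritten terminator is reported as corruption without any byte beyond the table being read.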