Date: Mon, 15 Jul 2002 21:25:15 +0300
From: Giorgos Keramidas <keramida@FreeBSD.org>
To: "M. Warner Losh" <imp@bsdimp.com>
Cc: bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.org
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020715182514.GC55859@hades.hell.gr>
In-Reply-To: <20020715.090420.83279095.imp@bsdimp.com>
References: <xzpele59w21.fsf@flood.ping.uio.no> <20020715202126.S40071-100000@gamplex.bde.org> <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com>
On 2002-07-15 09:04 +0000, M. Warner Losh wrote: > In message: <20020715111436.GD50130@hades.hell.gr> > Giorgos Keramidas <keramida@FreeBSD.ORG> writes: > : + if ((pathlen = snprintf(path, sizeof(path), "%s/%s", > : + source, p)) == -1 || pathlen >= (int)sizeof(path)) { > > That's down right stupid. > > snprintf never returns a negative number. It always returns the > number of characters that it would have used to make the string. It's not obvious from the manpage. I haven't read the __vfprintf() code to find out, but I assumed this is why the return type of snprintf() was declared as `int' and not as `size_t'. If -1 is never possible to be a return value of snprintf(), then I assumed wrong. > The code was right before. However, maybe the following is better and > clearer: > > if (strlen(source) + strlen(p) + 1 >= PATH_MAX) { > ... ETOOLONG stuff > } > snprintf(...); The format of sprintf() after the size checks is "%s/%s" and sprintf() will need +2 bytes to store '/' and the terminating '\0'. How about this? %%% Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 15 Jul 2002 18:20:19 -0000 @@ -189,12 +189,12 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= - sizeof(path)) { + if (strlen(source) + strlen(p) + 2 > sizeof path) { errno = ENAMETOOLONG; warn("%s", target); return (1); } + sprintf(path, "%s/%s", source, p); source = path; } %%% To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
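Review bot: the added sprintf(path, "%s/%s", source, p) is an unbounded write, so after this change nothing but the arithmetic in the preceding test keeps it inside path. The test itself is right for this format (two strings, one '/', one NUL, hence + 2 and > sizeof path), but the length check and the format string now live on separate lines and must be kept in sync by hand; the removed snprintf() version could not overflow even if the comparison was wrong. I would keep the write bounded, i.e. snprintf(path, sizeof(path), "%s/%s", source, p) after the strlen() check, so a later edit to the format or to the + 2 cannot turn into a stack overflow. Style nit: the new line uses sizeof path while the removed lines used sizeof(path); pick the parenthesized form for consistency with the rest of the hunk.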
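The two length checks discussed in this message, side by side, as an added example that is not part of the original e-mail or of the FreeBSD ln(1) source. The function names join_snprintf and join_precheck and the 8-byte buffer are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* snprintf() return value as the only check: 0 on success, -1 and
 * errno = ENAMETOOLONG if "dir/name" plus NUL does not fit in dstsize. */
static int
join_snprintf(char *dst, size_t dstsize, const char *dir, const char *name)
{
	int n = snprintf(dst, dstsize, "%s/%s", dir, name);

	/* n < 0: output error; n >= dstsize: the result was truncated. */
	if (n < 0 || (size_t)n >= dstsize) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

/* Explicit pre-check: two strings, one '/' and one NUL, hence + 2.
 * The write stays bounded so a later format change cannot overflow dst. */
static int
join_precheck(char *dst, size_t dstsize, const char *dir, const char *name)
{
	if (strlen(dir) + strlen(name) + 2 > dstsize) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	(void)snprintf(dst, dstsize, "%s/%s", dir, name);
	return (0);
}

int
main(void)
{
	char buf[8];	/* constructed sample: 7 characters plus NUL */

	/* "abc/def" is 7 characters and fits; "abc/defg" is 8 and does not. */
	printf("fits:     %d %d\n", join_snprintf(buf, sizeof(buf), "abc", "def"),
	    join_precheck(buf, sizeof(buf), "abc", "def"));
	printf("too long: %d %d\n", join_snprintf(buf, sizeof(buf), "abc", "defg"),
	    join_precheck(buf, sizeof(buf), "abc", "defg"));
	return (0);
}
```

Both functions agree at the boundary: a result that exactly fills the buffer including its NUL is accepted, and one byte more is rejected.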