Date: Fri, 26 Apr 2002 05:47:12 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: "Kenneth D. Merry" <ken@kdm.org> Cc: "M. Warner Losh" <imp@village.org>, <obrien@FreeBSD.org>, <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org> Subject: Re: cvs commit: src/lib/libcam camlib.h Message-ID: <20020426054140.N1572-100000@gamplex.bde.org> In-Reply-To: <20020424224122.A48194@panzer.kdm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 Apr 2002, Kenneth D. Merry wrote: > On Wed, Apr 24, 2002 at 21:46:51 +1000, Bruce Evans wrote: > > /* > > * If the user passed in a path, save it for him. > > */ > > if (given_path != NULL) > > strncpy(device->device_path, given_path, MAXPATHLEN + 1); > > else > > device->device_path[0] = '\0'; > > > > This used to have an off-by-1 error. Now it has an off-by-2 error. The > > ... > The only problem is, the NUL terminator isn't put in either string, and the > structure isn't bzeroed, I think. > > So what needs to be done is make sure the strncpy() instance above doesn't > overflow, and make sure the strings are NUL terminated. > > I think the attached patch will fix the problem, let me know what you > think. strncpy() could be used instead of strlcpy(), with the addition of > an extra line to NUL terminate the string in case the string copied into > the buffer is as long as the buffer. Seems OK. Do you care about truncation errors? Libraries really should. There are a couple of other strncpy()'s that could use strlcpy(). One already uses explicit NUL termination. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020426054140.N1572-100000>