From owner-cvs-all  Thu Apr 25 12:50:42 2002
Delivered-To: cvs-all@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9744737B41C; Thu, 25 Apr 2002 12:50:15 -0700 (PDT)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id FAA16629;
	Fri, 26 Apr 2002 05:46:06 +1000
Date: Fri, 26 Apr 2002 05:47:12 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: "Kenneth D. Merry" <ken@kdm.org>
Cc: "M. Warner Losh" <imp@village.org>, <obrien@FreeBSD.org>,
	<cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org>
Subject: Re: cvs commit: src/lib/libcam camlib.h
In-Reply-To: <20020424224122.A48194@panzer.kdm.org>
Message-ID: <20020426054140.N1572-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Wed, 24 Apr 2002, Kenneth D. Merry wrote:

> On Wed, Apr 24, 2002 at 21:46:51 +1000, Bruce Evans wrote:
> > 	/*
> > 	 * If the user passed in a path, save it for him.
> > 	 */
> > 	if (given_path != NULL)
> > 		strncpy(device->device_path, given_path, MAXPATHLEN + 1);
> > 	else
> > 		device->device_path[0] = '\0';
> >
> > This used to have an off-by-1 error.  Now it has an off-by-2 error.  The
> > ...

> The only problem is, the NUL terminator isn't put in either string, and the
> structure isn't bzeroed, I think.
>
> So what needs to be done is make sure the strncpy() instance above doesn't
> overflow, and make sure the strings are NUL terminated.
>
> I think the attached patch will fix the problem, let me know what you
> think.  strncpy() could be used instead of strlcpy(), with the addition of
> an extra line to NUL terminate the string in case the string copied into
> the buffer is as long as the buffer.

Seems OK.  Do you care about truncation errors?  Libraries really should.

There are a couple of other strncpy()'s that could use strlcpy().  One
already uses explicit NUL termination.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message