Date: Mon, 18 Apr 2005 11:44:15 GMT From: Elmar Bartel <elmar@devsoft.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/80064: Incorrect use of strlcat Message-ID: <200504181144.j3IBiFnM022503@www.freebsd.org> Resent-Message-ID: <200504181150.j3IBoNAv004106@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80064
>Category: bin
>Synopsis: Incorrect use of strlcat
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 18 11:50:22 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Elmar Bartel
>Release: 5.2
>Organization:
leo.org
>Environment:
FreeBSD pegasus.devsoft.com 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sat Oct 2 14:17:47 CEST 2004 elmar@pegasus.devsoft.com:/usr/src/sys/i386/compile/PEGASUS i386
>Description:
Version 1.34 of /usr/src/sbin/dump/main.c changed the call of strncat to strlcat, but it didn't change the size parameter: Version 1.33 used (line 602)
(void)strncat(rawbuf, "/r", MAXPATHLEN - 1 - strlen(rawbuf));
(void)strncat(rawbuf, dp + 1, MAXPATHLEN - 1 - strlen(rawbuf));
Now it reads:
(void)strlcat(rawbuf, "/r", MAXPATHLEN - 1 - strlen(rawbuf));
(void)strlcat(rawbuf, dp + 1, MAXPATHLEN - 1 - strlen(rawbuf));
>How-To-Repeat:
Nothing to repeat
>Fix:
Change the lines in question to:
(void)strlcat(rawbuf, "/r", MAXPATHLEN);
(void)strlcat(rawbuf, dp + 1, MAXPATHLEN);
And also the line with strlcpy (3 line previously) could be changed:
(void)strlcpy(rawbuf, cp, MAXPATHLEN);
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504181144.j3IBiFnM022503>