Date: Tue, 16 Jan 2001 17:48:46 -0500
From: Chris Faulhaber
To: freebsd-audit@FreeBSD.org
Subject: strlcat fixes
Message-ID: <20010116174845.A95772@peitho.fxp.org>

Tony Finch submitted a couple strlcat.c PR's recently (24278 and 24295). Since no one has touched them, I would like to take care of them in short order.

The first ensures that memory is not read if strlcat is called with a 0 size, ensuring potentially unallocated memory is not read:

- while (*d != '\0' && n-- != 0)
+ while (n-- != 0 && *d != '\0')

The second corrects the wording regarding the return value:

- * Returns strlen(src); if retval >= siz, truncation occurred.
+ * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src);
+ * if retval >= siz, truncation occurred.

Comments?

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

Index: strlcat.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/string/strlcat.c,v
retrieving revision 1.2
diff -u -r1.2 strlcat.c
--- strlcat.c 1999/08/10 05:58:57 1.2
+++ strlcat.c 2001/01/16 14:27:44
@@ -38,7 +38,8 @@ * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). - * Returns strlen(src); if retval >= siz, truncation occurred. + * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src); + * if retval >= siz, truncation occurred. */ size_t strlcat(dst, src, siz) char *dst; @@ -51,7 +52,7 @@ size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ - while (*d != '\0' && n-- != 0) + while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
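
Review bot: In the @@ -38,7 +38,8 @@ hunk, the new return-value comment names two sums but does not say when each one applies. The loop in the following hunk stops scanning after siz bytes, so the siz + strlen(src) result is the case where dst holds no NUL in its first siz bytes; adding that condition to the comment would tell a caller what a return value of that form means. It would also help to say that strlen(dst) here is the length of dst on entry. The unchanged sentence "Always NUL terminates (unless siz == 0)" deserves a second look for the same case, since nothing in the visible lines shows a terminator being written when dlen reaches siz.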
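
Review bot: In the @@ -51,7 +52,7 @@ hunk, neither the reordered while line nor the comment above it records that the order of the two tests is what prevents the out-of-bounds read, so a later tidy-up could swap them back. Suggest extending the existing comment, for example "test n before dereferencing d so that dst[siz] is never read". If n starts out equal to siz (its initialisation is outside the hunk), the old order read dst[siz] whenever dst had no NUL in its first siz bytes, not only when siz was 0, and the commit log should describe that wider case. The post-decrement still executes on the failing test and leaves n wrapped if n is unsigned; that is harmless only because of the n = siz - dlen assignment two lines below, which is worth keeping adjacent to the loop.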