shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-10-28 11:55:44 +03:00
Code

Merge pull request #6258 from vcaputo/overflow

Browse Source 
fix strxcpyx null termination overflows
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-07-03 21:29:14 -04:00 committed by GitHub
commit 2240fc54e9
2 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/basic/strxcpyx.c
View File

@ -19,8 +19,13 @@
/* /*
* Concatenates/copies strings. In any case, terminates in all cases * Concatenates/copies strings. In any case, terminates in all cases
* with '\0' * and moves the @dest pointer forward to the added '\0'. * with '\0' and moves the @dest pointer forward to the added '\0'.
* Returns the * remaining size, and 0 if the string was truncated. * Returns the remaining size, and 0 if the string was truncated.
*
* Due to the intended usage, these helpers silently noop invocations
* having zero size. This is technically an exception to the above
* statement "terminates in all cases". It's unexpected for such calls to
* occur outside of a loop where this is the preferred behavior.
*/ */
#include <stdarg.h> #include <stdarg.h>
@ -32,6 +37,12 @@
size_t strpcpy(char **dest, size_t size, const char *src) { size_t strpcpy(char **dest, size_t size, const char *src) {
size_t len; size_t len;
assert(dest);
assert(src);
if (size == 0)
return 0;
len = strlen(src); len = strlen(src);
if (len >= size) { if (len >= size) {
if (size > 1) if (size > 1)
@ -51,23 +62,30 @@ size_t strpcpyf(char **dest, size_t size, const char *src, ...) {
va_list va; va_list va;
int i; int i;
assert(dest);
assert(src);
if (size == 0)
return 0;
va_start(va, src); va_start(va, src);
i = vsnprintf(*dest, size, src, va); i = vsnprintf(*dest, size, src, va);
if (i < (int)size) { if (i < (int)size) {
*dest += i; *dest += i;
size -= i; size -= i;
} else { } else {
*dest += size;
size = 0; size = 0;
} }
va_end(va); va_end(va);
*dest[0] = '\0';
return size; return size;
} }
size_t strpcpyl(char **dest, size_t size, const char *src, ...) { size_t strpcpyl(char **dest, size_t size, const char *src, ...) {
va_list va; va_list va;
assert(dest);
assert(src);
va_start(va, src); va_start(va, src);
do { do {
size = strpcpy(dest, size, src); size = strpcpy(dest, size, src);
@ -80,6 +98,9 @@ size_t strpcpyl(char **dest, size_t size, const char *src, ...) {
size_t strscpy(char *dest, size_t size, const char *src) { size_t strscpy(char *dest, size_t size, const char *src) {
char *s; char *s;
assert(dest);
assert(src);
s = dest; s = dest;
return strpcpy(&s, size, src); return strpcpy(&s, size, src);
} }
@ -88,6 +109,9 @@ size_t strscpyl(char *dest, size_t size, const char *src, ...) {
va_list va; va_list va;
char *s; char *s;
assert(dest);
assert(src);
va_start(va, src); va_start(va, src);
s = dest; s = dest;
do { do {

7
src/test/test-strxcpyx.c
View File

@ -51,6 +51,13 @@ static void test_strpcpyf(void) {
assert_se(streq(target, "space left: 25. foobar")); assert_se(streq(target, "space left: 25. foobar"));
assert_se(space_left == 3); assert_se(space_left == 3);
/* test overflow */
s = target;
space_left = strpcpyf(&s, 12, "00 left: %i. ", 999);
assert_se(streq(target, "00 left: 99"));
assert_se(space_left == 0);
assert_se(target[12] == '2');
} }
static void test_strpcpyl(void) { static void test_strpcpyl(void) {