diff --git a/lib/util/util.h b/lib/util/util.h index 5ed8427498b..45f1b9cd79e 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -62,6 +62,8 @@ extern const char *panic_action; #include "lib/util/memory.h" +#include "lib/util/string_wrappers.h" + /** * Write backtrace to debug log */ @@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c); Safe string copy into a known length string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength); +_PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength); /** Safe string cat into a string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength); +_PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength); /** Routine to get hex characters and turn them into a 16 byte array. diff --git a/lib/util/util_str.c b/lib/util/util_str.c index cf3d60df8fa..34dd5be56eb 100644 --- a/lib/util/util_str.c +++ b/lib/util/util_str.c @@ -35,70 +35,60 @@ Safe string copy into a known length string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength) + +_PUBLIC_ char *safe_strcpy_fn(char *dest, + const char *src, + size_t maxlength) { size_t len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcpy\n")); - return NULL; + smb_panic("ERROR: NULL dest in safe_strcpy"); } -#ifdef DEVELOPER - /* We intentionally write out at the extremity of the destination - * string. If the destination is too short (e.g. pstrcpy into mallocd - * or fstring) then this should cause an error under a memory - * checker. */ - dest[maxlength] = '\0'; - if (PTR_DIFF(&len, dest) > 0) { /* check if destination is on the stack, ok if so */ - log_suspicious_usage("safe_strcpy", src); - } -#endif - if (!src) { *dest = 0; return dest; - } + } - len = strlen(src); + len = strnlen(src, maxlength+1); if (len > maxlength) { - DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n", - (unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src)); + DEBUG(0,("ERROR: string overflow by " + "%lu (%lu - %lu) in safe_strcpy [%.50s]\n", + (unsigned long)(len-maxlength), (unsigned long)len, + (unsigned long)maxlength, src)); len = maxlength; } - + memmove(dest, src, len); dest[len] = 0; return dest; -} +} /** Safe string cat into a string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength) +char *safe_strcat_fn(char *dest, + const char *src, + size_t maxlength) { size_t src_len, dest_len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcat\n")); - return NULL; + smb_panic("ERROR: NULL dest in safe_strcat"); } if (!src) return dest; - -#ifdef DEVELOPER - if (PTR_DIFF(&src_len, dest) > 0) { /* check if destination is on the stack, ok if so */ - log_suspicious_usage("safe_strcat", src); - } -#endif - src_len = strlen(src); - dest_len = strlen(dest); + + src_len = strnlen(src, maxlength + 1); + dest_len = strnlen(dest, maxlength + 1); if (src_len + dest_len > maxlength) { - DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n", + DEBUG(0,("ERROR: string overflow by %d " + "in safe_strcat [%.50s]\n", (int)(src_len + dest_len - maxlength), src)); if (maxlength > dest_len) { memcpy(&dest[dest_len], src, maxlength - dest_len); @@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength) dest[maxlength] = 0; return NULL; } - + memcpy(&dest[dest_len], src, src_len); dest[dest_len + src_len] = 0; return dest;