
lib/util Use compiler-checked safe string macros in top level code.

This brings the 'safe' macros to the top level code, and removes
duplication of the safe_strcpy() and safe_strcat() functions.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2011-05-03 15:23:19 +10:00
parent d01f318179
commit 86a62ab434
2 changed files with 27 additions and 35 deletions


@ -62,6 +62,8 @@ extern const char *panic_action;
#include "lib/util/memory.h" #include "lib/util/memory.h"
#include "lib/util/string_wrappers.h"
/** /**
* Write backtrace to debug log * Write backtrace to debug log
*/ */
@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c);
Safe string copy into a known length string. maxlength does not Safe string copy into a known length string. maxlength does not
include the terminating zero. include the terminating zero.
**/ **/
_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength); _PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength);
/** /**
Safe string cat into a string. maxlength does not Safe string cat into a string. maxlength does not
include the terminating zero. include the terminating zero.
**/ **/
_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength); _PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength);
/** /**
Routine to get hex characters and turn them into a 16 byte array. Routine to get hex characters and turn them into a 16 byte array.
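Review bot: The doc comments kept above the renamed `safe_strcpy_fn` and `safe_strcat_fn` declarations (the two "Safe string copy/cat ... maxlength does not include the terminating zero" blocks) still describe the old contract, while the definitions in the second file of this commit now call smb_panic() on a NULL dest instead of returning NULL, and on overflow safe_strcpy_fn truncates and returns dest whereas safe_strcat_fn truncates and returns NULL. Callers that relied on the NULL return as their error check will no longer see it, so the header should state this; for example add `Panics (smb_panic) if dest is NULL. On overflow the copy is truncated to maxlength, logged at DEBUG level 0, and dest is returned.` to the strcpy block and `Panics (smb_panic) if dest is NULL. Returns NULL, after truncating to maxlength, if src would not fit.` to the strcat block. It would also help to note that these `_fn` variants are the targets of the wrappers in the newly included lib/util/string_wrappers.h and that callers are expected to use those wrappers rather than the `_fn` names directly, if that is the intent of the rename. Separately, the new definition of safe_strcat_fn drops the `_PUBLIC_` that this declaration keeps (safe_strcpy_fn retains it in both places); that looks accidental and is worth restoring for consistency.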


@ -35,70 +35,60 @@
Safe string copy into a known length string. maxlength does not Safe string copy into a known length string. maxlength does not
include the terminating zero. include the terminating zero.
**/ **/
_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
_PUBLIC_ char *safe_strcpy_fn(char *dest,
const char *src,
size_t maxlength)
{ {
size_t len; size_t len;
if (!dest) { if (!dest) {
DEBUG(0,("ERROR: NULL dest in safe_strcpy\n")); smb_panic("ERROR: NULL dest in safe_strcpy");
return NULL;
} }
#ifdef DEVELOPER
/* We intentionally write out at the extremity of the destination
* string. If the destination is too short (e.g. pstrcpy into mallocd
* or fstring) then this should cause an error under a memory
* checker. */
dest[maxlength] = '\0';
if (PTR_DIFF(&len, dest) > 0) { /* check if destination is on the stack, ok if so */
log_suspicious_usage("safe_strcpy", src);
}
#endif
if (!src) { if (!src) {
*dest = 0; *dest = 0;
return dest; return dest;
} }
len = strlen(src); len = strnlen(src, maxlength+1);
if (len > maxlength) { if (len > maxlength) {
DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n", DEBUG(0,("ERROR: string overflow by "
(unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src)); "%lu (%lu - %lu) in safe_strcpy [%.50s]\n",
(unsigned long)(len-maxlength), (unsigned long)len,
(unsigned long)maxlength, src));
len = maxlength; len = maxlength;
} }
memmove(dest, src, len); memmove(dest, src, len);
dest[len] = 0; dest[len] = 0;
return dest; return dest;
} }
/** /**
Safe string cat into a string. maxlength does not Safe string cat into a string. maxlength does not
include the terminating zero. include the terminating zero.
**/ **/
_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength) char *safe_strcat_fn(char *dest,
const char *src,
size_t maxlength)
{ {
size_t src_len, dest_len; size_t src_len, dest_len;
if (!dest) { if (!dest) {
DEBUG(0,("ERROR: NULL dest in safe_strcat\n")); smb_panic("ERROR: NULL dest in safe_strcat");
return NULL;
} }
if (!src) if (!src)
return dest; return dest;
#ifdef DEVELOPER src_len = strnlen(src, maxlength + 1);
if (PTR_DIFF(&src_len, dest) > 0) { /* check if destination is on the stack, ok if so */ dest_len = strnlen(dest, maxlength + 1);
log_suspicious_usage("safe_strcat", src);
}
#endif
src_len = strlen(src);
dest_len = strlen(dest);
if (src_len + dest_len > maxlength) { if (src_len + dest_len > maxlength) {
DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n", DEBUG(0,("ERROR: string overflow by %d "
"in safe_strcat [%.50s]\n",
(int)(src_len + dest_len - maxlength), src)); (int)(src_len + dest_len - maxlength), src));
if (maxlength > dest_len) { if (maxlength > dest_len) {
memcpy(&dest[dest_len], src, maxlength - dest_len); memcpy(&dest[dest_len], src, maxlength - dest_len);
@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
dest[maxlength] = 0; dest[maxlength] = 0;
return NULL; return NULL;
} }
memcpy(&dest[dest_len], src, src_len); memcpy(&dest[dest_len], src, src_len);
dest[dest_len + src_len] = 0; dest[dest_len + src_len] = 0;
return dest; return dest;