mirror of
https://github.com/samba-team/samba.git
lib/util Use compiler-checked safe string macros in top level code.
This brings the 'safe' macros to the top level code, and removes duplication of the safe_strcpy() and safe_strcat() functions. Andrew Bartlett
parent
d01f318179
commit
86a62ab434
@ -62,6 +62,8 @@ extern const char *panic_action;
|
|||||||
|
|
||||||
#include "lib/util/memory.h"
|
#include "lib/util/memory.h"
|
||||||
|
|
||||||
|
#include "lib/util/string_wrappers.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Write backtrace to debug log
|
* Write backtrace to debug log
|
||||||
*/
|
*/
|
||||||
@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c);
|
|||||||
Safe string copy into a known length string. maxlength does not
|
Safe string copy into a known length string. maxlength does not
|
||||||
include the terminating zero.
|
include the terminating zero.
|
||||||
**/
|
**/
|
||||||
_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength);
|
_PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Safe string cat into a string. maxlength does not
|
Safe string cat into a string. maxlength does not
|
||||||
include the terminating zero.
|
include the terminating zero.
|
||||||
**/
|
**/
|
||||||
_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength);
|
_PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Routine to get hex characters and turn them into a 16 byte array.
|
Routine to get hex characters and turn them into a 16 byte array.
|
||||||
|
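Review bot: The doc comments above the renamed prototypes `safe_strcpy_fn` and `safe_strcat_fn` are carried over unchanged, so the header does not say that these are now the back ends of the checked macros the commit title refers to. A caller who uses the `_fn` form directly presumably bypasses that compile-time size check; the macros themselves would be in the newly included `lib/util/string_wrappers.h`, which is not shown here. I would add a line to each comment such as `Do not call directly; use the safe_strcpy() macro so the destination size is checked.` and state that `dest` must hold at least `maxlength + 1` bytes. It is also worth documenting the differing results on truncation, since the copy returns `dest` while the cat returns `NULL`.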
@ -35,70 +35,60 @@
|
|||||||
Safe string copy into a known length string. maxlength does not
|
Safe string copy into a known length string. maxlength does not
|
||||||
include the terminating zero.
|
include the terminating zero.
|
||||||
**/
|
**/
|
||||||
_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
|
|
||||||
|
_PUBLIC_ char *safe_strcpy_fn(char *dest,
|
||||||
|
const char *src,
|
||||||
|
size_t maxlength)
|
||||||
{
|
{
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
if (!dest) {
|
if (!dest) {
|
||||||
DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
|
smb_panic("ERROR: NULL dest in safe_strcpy");
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef DEVELOPER
|
|
||||||
/* We intentionally write out at the extremity of the destination
|
|
||||||
* string. If the destination is too short (e.g. pstrcpy into mallocd
|
|
||||||
* or fstring) then this should cause an error under a memory
|
|
||||||
* checker. */
|
|
||||||
dest[maxlength] = '\0';
|
|
||||||
if (PTR_DIFF(&len, dest) > 0) { /* check if destination is on the stack, ok if so */
|
|
||||||
log_suspicious_usage("safe_strcpy", src);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!src) {
|
if (!src) {
|
||||||
*dest = 0;
|
*dest = 0;
|
||||||
return dest;
|
return dest;
|
||||||
}
|
}
|
||||||
|
|
||||||
len = strlen(src);
|
len = strnlen(src, maxlength+1);
|
||||||
|
|
||||||
if (len > maxlength) {
|
if (len > maxlength) {
|
||||||
DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n",
|
DEBUG(0,("ERROR: string overflow by "
|
||||||
(unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src));
|
"%lu (%lu - %lu) in safe_strcpy [%.50s]\n",
|
||||||
|
(unsigned long)(len-maxlength), (unsigned long)len,
|
||||||
|
(unsigned long)maxlength, src));
|
||||||
len = maxlength;
|
len = maxlength;
|
||||||
}
|
}
|
||||||
|
|
||||||
memmove(dest, src, len);
|
memmove(dest, src, len);
|
||||||
dest[len] = 0;
|
dest[len] = 0;
|
||||||
return dest;
|
return dest;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Safe string cat into a string. maxlength does not
|
Safe string cat into a string. maxlength does not
|
||||||
include the terminating zero.
|
include the terminating zero.
|
||||||
**/
|
**/
|
||||||
_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
|
char *safe_strcat_fn(char *dest,
|
||||||
|
const char *src,
|
||||||
|
size_t maxlength)
|
||||||
{
|
{
|
||||||
size_t src_len, dest_len;
|
size_t src_len, dest_len;
|
||||||
|
|
||||||
if (!dest) {
|
if (!dest) {
|
||||||
DEBUG(0,("ERROR: NULL dest in safe_strcat\n"));
|
smb_panic("ERROR: NULL dest in safe_strcat");
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!src)
|
if (!src)
|
||||||
return dest;
|
return dest;
|
||||||
|
|
||||||
#ifdef DEVELOPER
|
src_len = strnlen(src, maxlength + 1);
|
||||||
if (PTR_DIFF(&src_len, dest) > 0) { /* check if destination is on the stack, ok if so */
|
dest_len = strnlen(dest, maxlength + 1);
|
||||||
log_suspicious_usage("safe_strcat", src);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
src_len = strlen(src);
|
|
||||||
dest_len = strlen(dest);
|
|
||||||
|
|
||||||
if (src_len + dest_len > maxlength) {
|
if (src_len + dest_len > maxlength) {
|
||||||
DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
|
DEBUG(0,("ERROR: string overflow by %d "
|
||||||
|
"in safe_strcat [%.50s]\n",
|
||||||
(int)(src_len + dest_len - maxlength), src));
|
(int)(src_len + dest_len - maxlength), src));
|
||||||
if (maxlength > dest_len) {
|
if (maxlength > dest_len) {
|
||||||
memcpy(&dest[dest_len], src, maxlength - dest_len);
|
memcpy(&dest[dest_len], src, maxlength - dest_len);
|
||||||
@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
|
|||||||
dest[maxlength] = 0;
|
dest[maxlength] = 0;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(&dest[dest_len], src, src_len);
|
memcpy(&dest[dest_len], src, src_len);
|
||||||
dest[dest_len + src_len] = 0;
|
dest[dest_len + src_len] = 0;
|
||||||
return dest;
|
return dest;
|
||||||
|
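Review bot: The new bounds `strnlen(src, maxlength+1)` in `safe_strcpy_fn` and `strnlen(src, maxlength + 1)` / `strnlen(dest, maxlength + 1)` in `safe_strcat_fn` wrap to a limit of 0 when `maxlength` is the largest `size_t` value. Every length then comes back as 0, so both functions fall through to `dest[len] = 0` or `dest[dest_len + src_len] = 0`, empty the destination, and return `dest` as if they had succeeded; the old `strlen` calls copied the whole string for that input. If any caller can pass `(size_t)-1`, reject it up front with something like `if (maxlength == SIZE_MAX) { smb_panic("ERROR: maxlength overflow in safe_strcpy"); }`. Separately, the removed `#ifdef DEVELOPER` write `dest[maxlength] = '\0'` was the only run-time probe for an undersized destination, so confirm that the replacement macros also cover pointer (heap) destinations and not just arrays. The body of `safe_strcat_fn` continues past the last hunk.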