Date: Fri, 04 Aug 2000 15:22:28 -0600 From: Warner Losh <imp@village.org> To: Kris Kennaway <kris@hub.freebsd.org> Cc: audit@FreeBSD.ORG Subject: Re: ether_line() patch Message-ID: <200008042122.PAA13032@harmony.village.org> In-Reply-To: Your message of "Fri, 04 Aug 2000 14:10:03 PDT." <Pine.BSF.4.21.0008041408420.64303-100000@hub.freebsd.org> References: <Pine.BSF.4.21.0008041408420.64303-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.21.0008041408420.64303-100000@hub.freebsd.org> Kris Kennaway writes:
: On Fri, 4 Aug 2000, Kris Kennaway wrote:
:
: > strncpy does not null-terminate if strlen(result) == resultlen. In that
: > case the buf[resultlen] character will be stomped by the NULL - it's a
: > trivial change, but I think it's correct.
:
: Actually we were both wrong - this strncpy was just bogus and did no
: bounds checking. This patch hunk should be better.
:
: @@ -156,8 +178,8 @@
: strlen(ether_a), &result, &resultlen)) {
: continue;
: }
: - strncpy(buf, result, resultlen);
: - buf[resultlen] = '\0';
: + strncpy(buf, result, sizeof(buf) - 1);
: + buf[sizeof(buf)] = '\0';
: free(result);
: }
: #endif
Well, you weren't listening to me when I was wrong :-) At least about
the parts I was right about :-).
This is incorrect too. It should be buf[sizeof(buf) - 1] = '\0';
because the valid range of buf is [0..sizeof(buf) - 1]. You don't
need the -1 on strncpy, but that's a style issue. The post conditions
are identical with it or without it:
strncpy(buf, result, sizeof(buf));
buf[sizeof(buf) - 1] = '\0';
The -1 might optimize the copying of one byte, but often it can cause
more code to execute if the expression to the left of it isn't a
compile time constant.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008042122.PAA13032>