Re: [PATCH] locomo.c: convert strncpy(x, y, sizeof(x)) to strlcpy



H. Peter Anvin wrote:
> Roel Kluin wrote:
>> This patch was not yet tested. Please confirm it's right.
>> ---
>> strncpy does not append '\0' if the length of the source string equals
>> the size parameter, strlcpy does.
>
> Are you sure it's safe to not zero out the contents of the buffer (no
> information leak)?
>
> -hpa

As I understand it, please correct me if I'm wrong:

Of the three variants: strcpy, strncpy and strlcpy.
- strcpy does not append \0 (unless the source string already contained it)
- strncpy appends \0's if the source string is smaller than the size
parameter (for all remaining characters)
- strlcpy always appends a single \0 (unless size parameter was 0)

char *strcpy(char *dest, const char *src);
char *strncpy(char *dest, const char *src, size_t n);
size_t strlcpy(char *dst, const char *src, size_t n);

In the original code strncpy was used and the size parameter was equal
to the source string size:

strncpy(dev->dev.bus_id, info->name, sizeof(dev->dev.bus_id));

Since the size was equal there was no \0 termination. To \0
terminate using strncpy we could write:

strncpy(dev->dev.bus_id, info->name, sizeof(dev->dev.bus_id) - 1);
dev->dev.bus_id[sizeof(dev->dev.bus_id) - 1] = '\0';

or using strlcpy, which does the same thing:

strlcpy(dev->dev.bus_id, info->name, sizeof(dev->dev.bus_id));

Roel
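
The two properties discussed in this thread, termination and zero-padding of the remainder, can be checked side by side in user space. The following is an added example, not code from the thread or from the kernel; BUF_SZ, STALE, demo_strlcpy(), probe() and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 8     /* stand-in for sizeof(dev->dev.bus_id) */
#define STALE  0x5A  /* constructed marker for old buffer contents */
enum mode { STRNCPY_FULL, STRNCPY_TERM, STRLCPY };
struct result { int terminated; int stale; };

/* Hypothetical minimal strlcpy, for libcs that do not ship one. */
static size_t demo_strlcpy(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (n) {
        size_t c = len < n ? len : n - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return len;   /* length of src, so callers can detect truncation */
}

/* Copy src into a stale-filled buffer with one idiom and inspect the result. */
static struct result probe(const char *src, enum mode m)
{
    char buf[BUF_SZ];
    struct result r = { 0, 0 };
    int i;

    memset(buf, STALE, BUF_SZ);
    switch (m) {
    case STRNCPY_FULL: strncpy(buf, src, BUF_SZ); break;      /* original call */
    case STRNCPY_TERM: strncpy(buf, src, BUF_SZ - 1);         /* manual fix */
                       buf[BUF_SZ - 1] = '\0'; break;
    case STRLCPY:      demo_strlcpy(buf, src, BUF_SZ); break; /* patched call */
    }
    r.terminated = memchr(buf, '\0', BUF_SZ) != NULL;  /* bounded search */
    for (i = 0; i < BUF_SZ; i++)
        r.stale += ((unsigned char)buf[i] == STALE);   /* bytes never overwritten */
    return r;
}

int main(void)
{
    int m;
    for (m = STRNCPY_FULL; m <= STRLCPY; m++)
        printf("mode %d: exact-fit terminated=%d, short-name stale bytes=%d\n", m,
               probe("locomokb", m).terminated, probe("led", m).stale);
    return 0;
}
```

Whether the stale bytes left after the strlcpy form matter depends on whether the destination was zeroed when it was allocated and whether the whole buffer, rather than the string in it, is ever copied out.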