From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hera.aquilenet.fr (hera.aquilenet.fr [IPv6:2a0c:e300::1]) by sourceware.org (Postfix) with ESMTPS id CBD053858008 for ; Mon, 23 Nov 2020 00:36:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org CBD053858008 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=ens-lyon.org Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=samuel.thibault@ens-lyon.org Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id A850E11A1; Mon, 23 Nov 2020 01:36:00 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IwLesFbKlQDC; Mon, 23 Nov 2020 01:35:59 +0100 (CET) Received: from function.youpi.perso.aquilenet.fr (lfbn-bor-1-56-204.w90-50.abo.wanadoo.fr [90.50.148.204]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 3746711A2; Mon, 23 Nov 2020 01:35:57 +0100 (CET) Received: from samy by function.youpi.perso.aquilenet.fr with local (Exim 4.94) (envelope-from ) id 1kgzpj-006Lf6-CQ; Mon, 23 Nov 2020 01:35:55 +0100 From: Samuel Thibault To: libc-alpha@sourceware.org Cc: Samuel Thibault , commit-hurd@gnu.org Subject: [hurd,commited 2/5] hurd: Fix strcpy calls Date: Mon, 23 Nov 2020 01:35:51 +0100 Message-Id: <20201123003554.1513184-3-samuel.thibault@ens-lyon.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201123003554.1513184-1-samuel.thibault@ens-lyon.org> References: <20201123003554.1513184-1-samuel.thibault@ens-lyon.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_PASS, SPF_NEUTRAL, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Nov 2020 00:36:03 -0000 strcpy cannot be used with overlapping buffer, we have to use memmove instead. strcpy also cannot be safely used when the destination buffer is smaller that the source, we need to use strncpy to truncate the source if needed. --- hurd/lookup-retry.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hurd/lookup-retry.c b/hurd/lookup-retry.c index 6d8b05e4e6..348549e334 100644 --- a/hurd/lookup-retry.c +++ b/hurd/lookup-retry.c @@ -292,7 +292,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port) if (p < retryname) abort (); /* XXX write this right if this ever happens */ if (p > retryname) - strcpy (retryname, p); + memmove (retryname, p, strlen(p) + 1); startdir = *result; } else @@ -326,7 +326,7 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port) case '/': if (err = opentty (&startdir)) goto out; - strcpy (retryname, &retryname[4]); + memmove (retryname, &retryname[4], strlen(retryname + 4) + 1); break; default: goto bad_magic; @@ -344,7 +344,8 @@ __hurd_file_name_lookup_retry (error_t (*use_init_port) p = _itoa (__getpid (), &buf[sizeof buf], 10, 0); len = &buf[sizeof buf] - p; memcpy (buf, p, len); - strcpy (buf + len, &retryname[3]); + strncpy (buf + len, &retryname[3], sizeof buf - len - 1); + buf[sizeof buf - 1] = '\0'; strcpy (retryname, buf); /* Do a normal retry on the remaining components. */ -- 2.29.2