From: Florian Weimer <fw@deneb.enyo.de>
To: Alejandro Colomar via Libc-alpha <libc-alpha@sourceware.org>
Cc: Alejandro Colomar <alx.manpages@gmail.com>
Subject: Re: [PATCH 1/2] Implement strlcpy and strlcat [BZ #178]
Date: Thu, 06 Apr 2023 23:35:46 +0200
Message-ID: <87fs9cn171.fsf@mid.deneb.enyo.de>
In-Reply-To: <8513afd6-e276-05d5-bc4c-0722de71e0af@gmail.com> (Alejandro Colomar via Libc-alpha's message of "Thu, 6 Apr 2023 23:21:51 +0200")

* Alejandro Colomar via Libc-alpha:

>> + size_t src_length = strlen (src);
>> +
>> + /* Our implementation strlcat supports dest == NULL if size == 0
>> + (for consistency with snprintf and strlcpy), but strnlen does
>> + not, so we have to cover this case explicitly. */
>> + if (size == 0)
>> + return src_length;
>> +
>> + size_t dest_length = __strnlen (dest, size);
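
Review bot: the comment above the size == 0 check reads "Our implementation strlcat", which is missing "of", and it only documents the dest side of that early return. Since strlen (src) on the first line runs unconditionally, the comment should also say that src must be a NUL-terminated string even when size == 0. A short note next to __strnlen (dest, size) stating that a result equal to size is the case where dest has no NUL within size bytes would also make the reason for the bounded scan visible in the code.
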
>
> The OpenBSD contract of strlcat(3) includes that _both_ the source
> string and the destination strings are NULL-terminated. I guess
> POSIX has kept that contract. If that's the case, we can just call
> strlen(3) here.

NetBSD says this:

| Note however, that if strlcat() traverses size characters without
| finding a NUL, the length of the string is considered to be size and
| the destination string will not be NUL-terminated (since there was
| no space for the NUL). This keeps strlcat() from running off the
| end of a string. In practice this should not happen (as it means
| that either size is incorrect or that dst is not a proper ``C''
| string). The check exists to prevent potential security problems in
| incorrect code.

<https://man.netbsd.org/strlcat.3>

OpenBSD alludes to this as well:

| strlcat() appends string src to the end of dst. It will append at
| most dstsize - strlen(dst) - 1 characters. It will then
| NUL-terminate, unless dstsize is 0 or the original dst string was
| longer than dstsize (in practice this should not happen as it means
| that either dstsize is incorrect or that dst is not a proper
| string).

<https://man.openbsd.org/strlcat>

So I think we should be calling strnlen here. If we call strlen
instead, we'd have to bound the result.

Thanks,
Florian
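
The behaviour described in the NetBSD and OpenBSD text quoted above, as an added C example that is not part of the original message and is not glibc's implementation. `demo_strlcat`, `bounded_len` and the buffers are hypothetical names and constructed inputs; `bounded_len` stands in for strnlen using only ISO C.

```c
#include <stdio.h>
#include <string.h>

/* Same result as strnlen (s, max), written with ISO C memchr only. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Hypothetical name: a sketch of the quoted contract, not glibc's code. */
size_t demo_strlcat(char *dest, const char *src, size_t size)
{
    size_t src_length = strlen(src);
    if (size == 0)              /* dest is never read; NULL is acceptable */
        return src_length;
    size_t dest_length = bounded_len(dest, size);  /* stops at dest[size-1] */
    if (dest_length == size)    /* no NUL found: length is size, no write */
        return size + src_length;
    size_t room = size - dest_length - 1;          /* space before the NUL */
    size_t to_copy = src_length < room ? src_length : room;
    memcpy(dest + dest_length, src, to_copy);
    dest[dest_length + to_copy] = '\0';
    return dest_length + src_length;   /* >= size means truncation */
}

/* Constructed input: a 4-byte field with no NUL, followed by a canary. */
int unterminated_dest_is_untouched(void)
{
    struct { char field[4]; char canary[4]; } s;
    memcpy(s.field, "ABCD", 4);
    memcpy(s.canary, "WXYZ", 4);
    size_t r = demo_strlcat(s.field, "12", sizeof s.field);
    return r == 4 + 2 && memcmp(s.field, "ABCD", 4) == 0
           && memcmp(s.canary, "WXYZ", 4) == 0;
}

int main(void)
{
    char buf[8] = "abc";       /* constructed: terminated, 4 bytes of room */
    size_t r = demo_strlcat(buf, "defghij", sizeof buf);
    printf("%zu \"%s\" unterminated_ok=%d\n", r, buf,
           unterminated_dest_is_untouched());
    return 0;
}
```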