Re: [PATCH 1/2] Implement strlcpy and strlcat [BZ #178]

[Alejandro Colomar <alx.manpages@gmail.com>]

[-- Attachment #1.1: Type: text/plain, Size: 1726 bytes --]

On 4/6/23 23:35, Florian Weimer wrote:
> NetBSD says this:
> 
> | Note however, that if strlcat() traverses size characters without
> | finding a NUL, the length of the string is considered to be size and
> | the destination string will not be NUL-terminated (since there was
> | no space for the NUL).  This keeps strlcat() from running off the
> | end of a string.  In practice this should not happen (as it means
> | that either size is incorrect or that dst is not a proper ``C''
> | string).  The check exists to prevent potential security problems in
> | incorrect code.
> 
> <https://man.netbsd.org/strlcat.3>
> 
> OpenBSD alludes to this as well:
> 
> | strlcat() appends string src to the end of dst. It will append at
> | most dstsize - strlen(dst) - 1 characters. It will then
> | NUL-terminate, unless dstsize is 0 or the original dst string was
> | longer than dstsize (in practice this should not happen as it means
> | that either dstsize is incorrect or that dst is not a proper
> | string).
> 
> <https://man.openbsd.org/strlcat>
> 
> So I think we should be calling strnlen here.  If we call strlen
> instead, we'd have to bound the result.

AFAIR, the design behind strlcpy(3) and cat(3) was that they would
intentionally overrun the buffers (read-only) to force crashes as
much as possible, which would uncover bugs in the code, rather than
silently continuing.  Don't know why they changed that.  Since it's
just reading the string without writing to it, I don't think anything
worse than a crash could possibly happen.

Cheers,
Alex

> 
> Thanks,
> Florian

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]