diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-05-03 15:23:19 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-05-03 07:37:07 +0200 |
commit | 86a62ab4345b8567a346587d2ddf575523d0b5f8 (patch) | |
tree | 5f79f4a4c612dac6d01a66b7c187bd7e5c127e12 | |
parent | d01f318179f9c2a0e6730642d21465b6dd69ea9f (diff) | |
download | samba-86a62ab4345b8567a346587d2ddf575523d0b5f8.tar.gz samba-86a62ab4345b8567a346587d2ddf575523d0b5f8.tar.bz2 samba-86a62ab4345b8567a346587d2ddf575523d0b5f8.zip |
lib/util Use compiler-checked safe string macros in top level code.
This brings the 'safe' macros to the top level code, and removes
duplication of the safe_strcpy() and safe_strcat() functions.
Andrew Bartlett
-rw-r--r-- | lib/util/util.h | 6 | ||||
-rw-r--r-- | lib/util/util_str.c | 56 |
2 files changed, 27 insertions, 35 deletions
diff --git a/lib/util/util.h b/lib/util/util.h index 5ed8427498..45f1b9cd79 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -62,6 +62,8 @@ extern const char *panic_action; #include "lib/util/memory.h" +#include "lib/util/string_wrappers.h" + /** * Write backtrace to debug log */ @@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c); Safe string copy into a known length string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength); +_PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength); /** Safe string cat into a string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength); +_PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength); /** Routine to get hex characters and turn them into a 16 byte array. diff --git a/lib/util/util_str.c b/lib/util/util_str.c index cf3d60df8f..34dd5be56e 100644 --- a/lib/util/util_str.c +++ b/lib/util/util_str.c @@ -35,70 +35,60 @@ Safe string copy into a known length string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength) + +_PUBLIC_ char *safe_strcpy_fn(char *dest, + const char *src, + size_t maxlength) { size_t len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcpy\n")); - return NULL; - } - -#ifdef DEVELOPER - /* We intentionally write out at the extremity of the destination - * string. If the destination is too short (e.g. pstrcpy into mallocd - * or fstring) then this should cause an error under a memory - * checker. */ - dest[maxlength] = '\0'; - if (PTR_DIFF(&len, dest) > 0) { /* check if destination is on the stack, ok if so */ - log_suspicious_usage("safe_strcpy", src); + smb_panic("ERROR: NULL dest in safe_strcpy"); } -#endif if (!src) { *dest = 0; return dest; - } + } - len = strlen(src); + len = strnlen(src, maxlength+1); if (len > maxlength) { - DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n", - (unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src)); + DEBUG(0,("ERROR: string overflow by " + "%lu (%lu - %lu) in safe_strcpy [%.50s]\n", + (unsigned long)(len-maxlength), (unsigned long)len, + (unsigned long)maxlength, src)); len = maxlength; } - + memmove(dest, src, len); dest[len] = 0; return dest; -} +} /** Safe string cat into a string. maxlength does not include the terminating zero. **/ -_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength) +char *safe_strcat_fn(char *dest, + const char *src, + size_t maxlength) { size_t src_len, dest_len; if (!dest) { - DEBUG(0,("ERROR: NULL dest in safe_strcat\n")); - return NULL; + smb_panic("ERROR: NULL dest in safe_strcat"); } if (!src) return dest; - -#ifdef DEVELOPER - if (PTR_DIFF(&src_len, dest) > 0) { /* check if destination is on the stack, ok if so */ - log_suspicious_usage("safe_strcat", src); - } -#endif - src_len = strlen(src); - dest_len = strlen(dest); + + src_len = strnlen(src, maxlength + 1); + dest_len = strnlen(dest, maxlength + 1); if (src_len + dest_len > maxlength) { - DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n", + DEBUG(0,("ERROR: string overflow by %d " + "in safe_strcat [%.50s]\n", (int)(src_len + dest_len - maxlength), src)); if (maxlength > dest_len) { memcpy(&dest[dest_len], src, maxlength - dest_len); @@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength) dest[maxlength] = 0; return NULL; } - + memcpy(&dest[dest_len], src, src_len); dest[dest_len + src_len] = 0; return dest; |