summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-05-03 15:23:19 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-05-03 07:37:07 +0200
commit86a62ab4345b8567a346587d2ddf575523d0b5f8 (patch)
tree5f79f4a4c612dac6d01a66b7c187bd7e5c127e12 /lib
parentd01f318179f9c2a0e6730642d21465b6dd69ea9f (diff)
downloadsamba-86a62ab4345b8567a346587d2ddf575523d0b5f8.tar.gz
samba-86a62ab4345b8567a346587d2ddf575523d0b5f8.tar.bz2
samba-86a62ab4345b8567a346587d2ddf575523d0b5f8.zip
lib/util Use compiler-checked safe string macros in top level code.
This brings the 'safe' macros to the top level code, and removes duplication of the safe_strcpy() and safe_strcat() functions. Andrew Bartlett
Diffstat (limited to 'lib')
-rw-r--r--lib/util/util.h6
-rw-r--r--lib/util/util_str.c56
2 files changed, 27 insertions, 35 deletions
diff --git a/lib/util/util.h b/lib/util/util.h
index 5ed8427498..45f1b9cd79 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -62,6 +62,8 @@ extern const char *panic_action;
#include "lib/util/memory.h"
+#include "lib/util/string_wrappers.h"
+
/**
* Write backtrace to debug log
*/
@@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c);
Safe string copy into a known length string. maxlength does not
include the terminating zero.
**/
-_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength);
+_PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength);
/**
Safe string cat into a string. maxlength does not
include the terminating zero.
**/
-_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength);
+_PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength);
/**
Routine to get hex characters and turn them into a 16 byte array.
diff --git a/lib/util/util_str.c b/lib/util/util_str.c
index cf3d60df8f..34dd5be56e 100644
--- a/lib/util/util_str.c
+++ b/lib/util/util_str.c
@@ -35,70 +35,60 @@
Safe string copy into a known length string. maxlength does not
include the terminating zero.
**/
-_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
+
+_PUBLIC_ char *safe_strcpy_fn(char *dest,
+ const char *src,
+ size_t maxlength)
{
size_t len;
if (!dest) {
- DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
- return NULL;
- }
-
-#ifdef DEVELOPER
- /* We intentionally write out at the extremity of the destination
- * string. If the destination is too short (e.g. pstrcpy into mallocd
- * or fstring) then this should cause an error under a memory
- * checker. */
- dest[maxlength] = '\0';
- if (PTR_DIFF(&len, dest) > 0) { /* check if destination is on the stack, ok if so */
- log_suspicious_usage("safe_strcpy", src);
+ smb_panic("ERROR: NULL dest in safe_strcpy");
}
-#endif
if (!src) {
*dest = 0;
return dest;
- }
+ }
- len = strlen(src);
+ len = strnlen(src, maxlength+1);
if (len > maxlength) {
- DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n",
- (unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src));
+ DEBUG(0,("ERROR: string overflow by "
+ "%lu (%lu - %lu) in safe_strcpy [%.50s]\n",
+ (unsigned long)(len-maxlength), (unsigned long)len,
+ (unsigned long)maxlength, src));
len = maxlength;
}
-
+
memmove(dest, src, len);
dest[len] = 0;
return dest;
-}
+}
/**
Safe string cat into a string. maxlength does not
include the terminating zero.
**/
-_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
+char *safe_strcat_fn(char *dest,
+ const char *src,
+ size_t maxlength)
{
size_t src_len, dest_len;
if (!dest) {
- DEBUG(0,("ERROR: NULL dest in safe_strcat\n"));
- return NULL;
+ smb_panic("ERROR: NULL dest in safe_strcat");
}
if (!src)
return dest;
-
-#ifdef DEVELOPER
- if (PTR_DIFF(&src_len, dest) > 0) { /* check if destination is on the stack, ok if so */
- log_suspicious_usage("safe_strcat", src);
- }
-#endif
- src_len = strlen(src);
- dest_len = strlen(dest);
+
+ src_len = strnlen(src, maxlength + 1);
+ dest_len = strnlen(dest, maxlength + 1);
if (src_len + dest_len > maxlength) {
- DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
+ DEBUG(0,("ERROR: string overflow by %d "
+ "in safe_strcat [%.50s]\n",
(int)(src_len + dest_len - maxlength), src));
if (maxlength > dest_len) {
memcpy(&dest[dest_len], src, maxlength - dest_len);
@@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
dest[maxlength] = 0;
return NULL;
}
-
+
memcpy(&dest[dest_len], src, src_len);
dest[dest_len + src_len] = 0;
return dest;