lib/util Use compiler-checked safe string macros in top level code.

This brings the 'safe' macros to the top level code, and removes
duplication of the safe_strcpy() and safe_strcat() functions.

Andrew Bartlett

2 files changed, 27 insertions, 35 deletions

diff --git a/lib/util/util.h b/lib/util/util.h
index 5ed8427498..45f1b9cd79 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -62,6 +62,8 @@ extern const char *panic_action;
 
 #include "lib/util/memory.h"
 
+#include "lib/util/string_wrappers.h"
+
 /**
  * Write backtrace to debug log
  */
@@ -248,13 +250,13 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c);
  Safe string copy into a known length string. maxlength does not
  include the terminating zero.
 **/
-_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength);
+_PUBLIC_ char *safe_strcpy_fn(char *dest,const char *src, size_t maxlength);
 
 /**
  Safe string cat into a string. maxlength does not
  include the terminating zero.
 **/
-_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength);
+_PUBLIC_ char *safe_strcat_fn(char *dest, const char *src, size_t maxlength);
 
 /**
  Routine to get hex characters and turn them into a 16 byte array.
diff --git a/lib/util/util_str.c b/lib/util/util_str.c
index cf3d60df8f..34dd5be56e 100644
--- a/lib/util/util_str.c
+++ b/lib/util/util_str.c
@@ -35,70 +35,60 @@
  Safe string copy into a known length string. maxlength does not
  include the terminating zero.
 **/
-_PUBLIC_ char *safe_strcpy(char *dest,const char *src, size_t maxlength)
+
+_PUBLIC_ char *safe_strcpy_fn(char *dest,
+			      const char *src,
+			      size_t maxlength)
 {
 	size_t len;
 
 	if (!dest) {
-		DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
-		return NULL;
-	}
-
-#ifdef DEVELOPER
-	/* We intentionally write out at the extremity of the destination
-	 * string.  If the destination is too short (e.g. pstrcpy into mallocd
-	 * or fstring) then this should cause an error under a memory
-	 * checker. */
-	dest[maxlength] = '\0';
-	if (PTR_DIFF(&len, dest) > 0) {  /* check if destination is on the stack, ok if so */
-		log_suspicious_usage("safe_strcpy", src);
+		smb_panic("ERROR: NULL dest in safe_strcpy");
 	}
-#endif
 
 	if (!src) {
 		*dest = 0;
 		return dest;
-	}  
+	}
 
-	len = strlen(src);
+	len = strnlen(src, maxlength+1);
 
 	if (len > maxlength) {
-		DEBUG(0,("ERROR: string overflow by %u (%u - %u) in safe_strcpy [%.50s]\n",
-			 (unsigned int)(len-maxlength), (unsigned)len, (unsigned)maxlength, src));
+		DEBUG(0,("ERROR: string overflow by "
+			"%lu (%lu - %lu) in safe_strcpy [%.50s]\n",
+			 (unsigned long)(len-maxlength), (unsigned long)len,
+			 (unsigned long)maxlength, src));
 		len = maxlength;
 	}
-      
+
 	memmove(dest, src, len);
 	dest[len] = 0;
 	return dest;
-}  
+}
 
 /**
  Safe string cat into a string. maxlength does not
  include the terminating zero.
 **/
-_PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
+char *safe_strcat_fn(char *dest,
+		     const char *src,
+		     size_t maxlength)
 {
 	size_t src_len, dest_len;
 
 	if (!dest) {
-		DEBUG(0,("ERROR: NULL dest in safe_strcat\n"));
-		return NULL;
+		smb_panic("ERROR: NULL dest in safe_strcat");
 	}
 
 	if (!src)
 		return dest;
-	
-#ifdef DEVELOPER
-	if (PTR_DIFF(&src_len, dest) > 0) {  /* check if destination is on the stack, ok if so */
-		log_suspicious_usage("safe_strcat", src);
-	}
-#endif
-	src_len = strlen(src);
-	dest_len = strlen(dest);
+
+	src_len = strnlen(src, maxlength + 1);
+	dest_len = strnlen(dest, maxlength + 1);
 
 	if (src_len + dest_len > maxlength) {
-		DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
+		DEBUG(0,("ERROR: string overflow by %d "
+			"in safe_strcat [%.50s]\n",
 			 (int)(src_len + dest_len - maxlength), src));
 		if (maxlength > dest_len) {
 			memcpy(&dest[dest_len], src, maxlength - dest_len);
@@ -106,7 +96,7 @@ _PUBLIC_ char *safe_strcat(char *dest, const char *src, size_t maxlength)
 		dest[maxlength] = 0;
 		return NULL;
 	}
-	
+
 	memcpy(&dest[dest_len], src, src_len);
 	dest[dest_len + src_len] = 0;
 	return dest;