From 72060a2b2bdede62fd5874f10d523379a4dbdcc4 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Wed, 15 Nov 2023 22:49:13 +0100 Subject: [PATCH] lib/env.c: Replace strncpy(3) call by stpcpy(mempcpy(), "") We were using strncpy(3), which is designed to copy from a string into a (null-padded) fixed-size character array. However, we were doing the opposite: copying from a known-size array (which was a prefix of a string), into a string. That's why we had to manually zero the buffer afterwards. Use instead mempcpy(3) to copy the non-null bytes, and then terminate with a null byte with stpcpy(..., ""). Cc: "Serge E. Hallyn" Signed-off-by: Alejandro Colomar --- lib/env.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/env.c b/lib/env.c index dc35c54d..6d6b1370 100644 --- a/lib/env.c +++ b/lib/env.c @@ -192,8 +192,7 @@ void set_env (int argc, char *const *argv) } if (NULL != *p) { - strncpy (variable, *argv, (size_t)(cp - *argv)); - variable[cp - *argv] = '\0'; + stpcpy(mempcpy(variable, *argv, (size_t)(cp - *argv)), ""); printf (_("You may not change $%s\n"), variable); continue;