VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lib/string/: Fortify source of strtcpy(), stpecpy(), and zustr2stp()

Browse Source 
By writing the terminating null byte via stpcpy(3), we take advantage of
_FORTIFY_SOURCE for the last byte, which was unprotected before this
commit.

Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
2023-11-24 23:56:17 +01:00
committed by Serge Hallyn
parent 72060a2b2b
commit fc8389331e
3 changed files with 3 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/string/stpecpy.h
View File

@@ -66,7 +66,6 @@ inline char *
stpecpy(char *dst, char *end, const char *restrict src)
{
bool trunc;
char *p;
size_t dsize, dlen, slen;
if (dst == end)
@@ -79,10 +78,7 @@ stpecpy(char *dst, char *end, const char *restrict src)
trunc = (slen == dsize);
dlen = slen - trunc;
p = mempcpy(dst, src, dlen);
*p = '\0';
return p + trunc;
return stpcpy(mempcpy(dst, src, dlen), "") + trunc;
}

4
lib/string/strtcpy.h
View File

@@ -55,7 +55,6 @@ inline ssize_t
strtcpy(char *restrict dst, const char *restrict src, size_t dsize)
{
bool trunc;
char *p;
size_t dlen, slen;
if (dsize == 0)
@@ -65,8 +64,7 @@ strtcpy(char *restrict dst, const char *restrict src, size_t dsize)
trunc = (slen == dsize);
dlen = slen - trunc;
p = mempcpy(dst, src, dlen);
*p = '\0';
stpcpy(mempcpy(dst, src, dlen), "");
return trunc ? -1 : slen;
}

7
lib/string/zustr2stp.h
View File

@@ -72,12 +72,7 @@ inline char *zustr2stp(char *restrict dst, const char *restrict src, size_t sz);
inline char *
zustr2stp(char *restrict dst, const char *restrict src, size_t sz)
{
char *p;
p = mempcpy(dst, src, strnlen(src, sz));
*p = '\0';
return p;
return stpcpy(mempcpy(dst, src, strnlen(src, sz)), "");
}