There's been a very long and interesting discussion in linux-man@ and libc-alpha@, where we've discussed all the string-copying functions, their pros and cons, when should each be used and avoided, etc.

Paul Eggert pointed out an important problem of strlcpy(3): it is vulnerable to DoS attacks if an attacker controls the length of the source string. And even if it doesn't control it, the function is dead slow (because its API forces it to calculate strlen(src)).

We've agreed that the general solution for a truncating string-copying function is to write a wrapper over strnlen(3)+memcpy(3), which is limited to strnlen(src, sizeof(dst)). This is not vulnerable to DoS, and is very fast for all buffer sizes. string_copying(7) has been updated to reflect this, and provides a reference implementation for this wrapper function.

This strtcpy(3) (t for truncation) wrapper happens to have the same API that our strlcpy_() function had, so replace it with the better implementation. We don't need to update callers nor tests, since the API is the same.

A future commit will rename STRLCPY() to STRTCPY(), and replace remaining calls to strlcpy(3) by calls to this strtcpy(3).

Link: <https://lore.kernel.org/linux-man/ZU4SDh-Se5gjPny5@debian/T/#mfb5a3fdeb35487dec6f8d9e3d8548bd0d92c4975/>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
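The strnlen(3)+memcpy(3) wrapper described in the commit message above, as an added sketch; it is not the project's code nor the string_copying(7) reference implementation. The name copy_trunc() and its return convention (-1 on truncation) are assumptions made for this example.

```c
/* Added example: truncating copy built on strnlen(3) + memcpy(3). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strnlen(3) and ssize_t */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * copy_trunc() is a hypothetical name. Copies src into dst[dsize], always
 * NUL-terminating when dsize > 0. Returns the copied length, or -1 if the
 * string was truncated or dsize is 0 (return convention is an assumption).
 */
ssize_t
copy_trunc(char *dst, const char *src, size_t dsize)
{
    size_t slen, dlen;
    int    trunc;

    if (dsize == 0)
        return -1;

    /* Scan at most dsize bytes of src, however long src really is. */
    slen  = strnlen(src, dsize);
    trunc = (slen == dsize);
    dlen  = trunc ? dsize - 1 : slen;

    memcpy(dst, src, dlen);
    dst[dlen] = '\0';

    return trunc ? -1 : (ssize_t) dlen;
}

int
main(void)
{
    char    dst[8];
    /* Constructed input: far longer than dst; only 8 bytes get scanned. */
    static char big[1 << 20];
    ssize_t n;

    memset(big, 'A', sizeof(big) - 1);
    n = copy_trunc(dst, big, sizeof(dst));
    printf("long src:  ret=%zd dst=\"%s\"\n", n, dst);

    n = copy_trunc(dst, "root", sizeof(dst));
    printf("short src: ret=%zd dst=\"%s\"\n", n, dst);
    return 0;
}
```

Because the scan is bounded by dsize, the cost of a call depends on the destination size rather than on the length of the source, which is the property the message contrasts with strlcpy(3).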
This testsuite is NOT SECURE: it will temporarily change your passwords file with known passwords. You should run it in a chroot, or on a secured dedicated system.

To test a Debian system:

$ mkdir sid-chroot
$ sudo debootstrap sid sid-chroot/ http://deb.debian.org/debian/

edit or copy a sources.list
$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/

edit or copy a resolv.conf
$ sudo cp /etc/resolv.conf sid-chroot/etc/

$ su - root -c "chroot sid-chroot/ /bin/bash"
# mount -t proc proc /proc
# mount -t devpts devpts /dev/pts
# aptitude update
# aptitude install expect
# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2