libmemif: fix insecure uses of strncpy A calling patterm of "strncpy(dst, src, strlen(src))" invites a lot of troubles. However, even using the target size may result in a problem if the string is longer, since then the termination is not done. Use strlcpy(dst, src, sizeof(dst)), which will always null-terminate the string. Change-Id: I8ddaf3dc8380a78af08914e81849279dae7ab24a Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>

commit: e5b7ca4bcea8c404d95e00f5db4c40d47b6e185b [log] [tgz]
author: Andrew Yourtchenko <ayourtch@gmail.com> Fri Jan 29 14:18:12 2021 +0000
committer: Damjan Marion <dmarion@me.com> Mon Feb 08 10:27:06 2021 +0000
tree: 8c63d909d628477c745e0a3455fb5e5ae45e6a48
parent: 1421748e3cd98d7355b1a1db283803a571569927 [diff] [blame]
diff --git a/extras/libmemif/src/memif_private.h b/extras/libmemif/src/memif_private.h
index dd58d62..59899fd 100644
--- a/extras/libmemif/src/memif_private.h
+++ b/extras/libmemif/src/memif_private.h

@@ -66,6 +66,33 @@
 #define DBG(...)
 #endif /* MEMIF_DBG */
 
+#ifndef HAS_LIB_BSD
+static inline size_t
+strlcpy (char *dest, const char *src, size_t len)
+{
+  const char *s = src;
+  size_t n = len;
+
+  while (--n > 0)
+    {
+      if ((*dest++ = *s++) == '\0')
+	break;
+    }
+
+  if (n == 0)
+    {
+      if (len != 0)
+	*dest = '\0';
+      while (*s++)
+	;
+    }
+
+  return (s - src - 1);
+}
+#else
+#include <bsd/string.h>
+#endif
+
 typedef enum
 {
   MEMIF_SOCKET_TYPE_NONE = 0,	/* unassigned, not used by any interface */
commit	e5b7ca4bcea8c404d95e00f5db4c40d47b6e185b	[log] [tgz]
author	Andrew Yourtchenko <ayourtch@gmail.com>	Fri Jan 29 14:18:12 2021 +0000
committer	Damjan Marion <dmarion@me.com>	Mon Feb 08 10:27:06 2021 +0000
tree	8c63d909d628477c745e0a3455fb5e5ae45e6a48
parent	1421748e3cd98d7355b1a1db283803a571569927 [diff] [blame]