From: kay.sievers@vrfy.org Date: Sun, 27 Mar 2005 10:39:12 +0000 (+0200) Subject: [PATCH] fix klibc's broken strlcpy/strlcat X-Git-Tag: 057~24 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=8a4c0c32f4252efb0f0adbf5cdc0261d359cd568 [PATCH] fix klibc's broken strlcpy/strlcat udevinfo segfaults cause klibc's strlcpy writes behind the specified size of the destination string. strlcat truncates the destination string which is also not what you expect from a concatenation function. --- diff --git a/klibc/klibc/strlcat.c b/klibc/klibc/strlcat.c index 6111445f0..f397857e7 100644 --- a/klibc/klibc/strlcat.c +++ b/klibc/klibc/strlcat.c @@ -16,9 +16,11 @@ size_t strlcat(char *dst, const char *src, size_t size) q++; bytes++; } + if (bytes == size) + return (bytes + strlen(src)); while ( (ch = *p++) ) { - if ( bytes < size ) + if ( bytes+1 < size ) *q++ = ch; bytes++; diff --git a/klibc/klibc/strlcpy.c b/klibc/klibc/strlcpy.c index eb384c988..8b36c43c0 100644 --- a/klibc/klibc/strlcpy.c +++ b/klibc/klibc/strlcpy.c @@ -13,7 +13,7 @@ size_t strlcpy(char *dst, const char *src, size_t size) char ch; while ( (ch = *p++) ) { - if ( bytes < size ) + if ( bytes+1 < size ) *q++ = ch; bytes++; diff --git a/udev_config.c b/udev_config.c index 7d6bb77e5..b6f578b27 100644 --- a/udev_config.c +++ b/udev_config.c @@ -171,7 +171,7 @@ static int parse_config_file(void) if (bufline[0] == COMMENT_CHARACTER) continue; - strlcpy(line, bufline, count); + strlcpy(line, bufline, count+1); linepos = line; retval = get_key(&linepos, &variable, &value); diff --git a/udev_db.c b/udev_db.c index f606b5e05..afbd50e50 100644 --- a/udev_db.c +++ b/udev_db.c @@ -116,37 +116,37 @@ static int parse_db_file(struct udevice *udev, const char *filename) switch(bufline[0]) { case 'P': if (count > sizeof(udev->devpath)) - count = sizeof(udev->devpath)-1; - strlcpy(udev->devpath, &bufline[2], count-2); + count = sizeof(udev->devpath); + strlcpy(udev->devpath, &bufline[2], count-1); break; case 'N': if (count > sizeof(udev->name)) - count = sizeof(udev->name)-1; - strlcpy(udev->name, &bufline[2], count-2); + count = sizeof(udev->name); + strlcpy(udev->name, &bufline[2], count-1); break; case 'M': if (count > sizeof(line)) - count = sizeof(line)-1; - strlcpy(line, &bufline[2], count-2); + count = sizeof(line); + strlcpy(line, &bufline[2], count-1); sscanf(line, "%u:%u", &major, &minor); udev->devt = makedev(major, minor); break; case 'S': - if (count > sizeof(line)) - count = sizeof(line)-1; - strlcpy(line, &bufline[2], count-2); + if (count > sizeof(line)) + count = sizeof(line); + strlcpy(line, &bufline[2], count-1); name_list_add(&udev->symlink_list, line, 0); break; case 'A': - if (count > sizeof(line)) - count = sizeof(line)-1; - strlcpy(line, &bufline[2], count-2); + if (count > sizeof(line)) + count = sizeof(line); + strlcpy(line, &bufline[2], count-1); udev->partitions = atoi(line); break; case 'R': - if (count > sizeof(line)) - count = sizeof(line)-1; - strlcpy(line, &bufline[2], count-2); + if (count > sizeof(line)) + count = sizeof(line); + strlcpy(line, &bufline[2], count-1); udev->ignore_remove = atoi(line); break; } @@ -227,14 +227,14 @@ int udev_db_search_name(char *devpath, size_t len, const char *name) switch(bufline[0]) { case 'P': if (count > sizeof(path)) - count = sizeof(path)-1; - strlcpy(path, &bufline[2], count-2); + count = sizeof(path); + strlcpy(path, &bufline[2], count-1); break; case 'N': case 'S': if (count > sizeof(nodename)) - count = sizeof(nodename)-1; - strlcpy(nodename, &bufline[2], count-2); + count = sizeof(nodename); + strlcpy(nodename, &bufline[2], count-1); dbg("compare '%s' '%s'", nodename, name); if (strcmp(nodename, name) == 0) { strlcpy(devpath, path, len); @@ -302,13 +302,13 @@ int udev_db_dump_names(int (*handler_function)(const char *path, const char *nam switch(bufline[0]) { case 'P': if (count > sizeof(path)) - count = sizeof(path)-1; - strlcpy(path, &bufline[2], count-2); + count = sizeof(path); + strlcpy(path, &bufline[2], count-1); break; case 'N': if (count > sizeof(nodename)) - count = sizeof(nodename)-1; - strlcpy(nodename, &bufline[2], count-2); + count = sizeof(nodename); + strlcpy(nodename, &bufline[2], count-1); break; default: continue; diff --git a/udev_libc_wrapper.c b/udev_libc_wrapper.c index 16d90913c..23cb7b431 100644 --- a/udev_libc_wrapper.c +++ b/udev_libc_wrapper.c @@ -36,11 +36,15 @@ #define __OWN_USERDB_PARSER__ #endif +#ifdef __GLIBC__ +#define __OWN_STRLCPYCAT__ +#endif + #ifdef USE_STATIC #define __OWN_USERDB_PARSER__ #endif -#ifndef strlcpy +#ifdef __OWN_STRLCPYCAT__ size_t strlcpy(char *dst, const char *src, size_t size) { size_t bytes = 0; @@ -49,7 +53,7 @@ size_t strlcpy(char *dst, const char *src, size_t size) char ch; while ((ch = *p++)) { - if (bytes < size) + if (bytes+1 < size) *q++ = ch; bytes++; } @@ -57,9 +61,7 @@ size_t strlcpy(char *dst, const char *src, size_t size) *q = '\0'; return bytes; } -#endif -#ifndef strlcat size_t strlcat(char *dst, const char *src, size_t size) { size_t bytes = 0; @@ -71,9 +73,11 @@ size_t strlcat(char *dst, const char *src, size_t size) q++; bytes++; } + if (bytes == size) + return (bytes + strlen(src)); while ((ch = *p++)) { - if (bytes < size) + if (bytes+1 < size) *q++ = ch; bytes++; } @@ -81,7 +85,7 @@ size_t strlcat(char *dst, const char *src, size_t size) *q = '\0'; return bytes; } -#endif +#endif /* __OWN_STRLCPYCAT__ */ #ifndef __OWN_USERDB_PARSER__ #include