[Toybox] [PATCH] strncat bug in mountpoint.c

Rob Landley rob at landley.net
Sat Nov 29 17:49:07 PST 2014


On 11/25/14 19:14, enh wrote:
> strncat is a pain to use because the last argument is the remaining
> space in the buffer, not the buffer size. sadly glibc doesn't have
> strlcat...

I went back to poke at this and remembered the _other_ reason I didn't
use strlcpy() and strlcat():

I decided to use xstrncpy() and xstrncat() instead, because silently
truncating the input is usually an error, it still means we're working
with the wrong data. If the buffer doesn't fit, die loudly. (For the
cases where we _are_ intentionally truncating, memcpy() exists.)

(The fact it means I don't have to worry about strlcpy() namespace
issues in portability.* is just a fringe benefit. :)

> diff --git a/toys/other/mountpoint.c b/toys/other/mountpoint.c
> index 29b8ae6..6124129 100644
> --- a/toys/other/mountpoint.c
> +++ b/toys/other/mountpoint.c

And toys/pending/netstat.c is using it too. And a dozen things are using
strncpy(), which should not gratuitously dirty its entire buffer range
(faulting in and evicting who knows how many cache lines, forcing
physical page allocation... just "ew").

Strings are hard.

Let's see, the "yes we want to truncate this" uses should be memcpy()
with explicit null termination. Blah, I have half-finished patches to
several of the files in "egrep -l strnc'(py|at)' lib/*.c toys/*/*.c"
(especially since so many of them are in pending and I tend to do
drive-by cleanups on that...)

/me wanders off to fiddle with stuff...

Rob
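
Added example (not part of the original message, and not toybox's own xstrncpy()/xstrncat() code): a C sketch of the three cases discussed in this thread, namely the strncat() bound being the remaining space, a checked append that reports overflow instead of truncating, and deliberate truncation via memcpy() with explicit termination. The helper names `checked_strcat` and `truncating_copy` and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append src to the NUL-terminated string in dest, a
 * buffer of size bytes. Returns 0 on success, or -1 with dest untouched when
 * the result (including its terminator) would not fit. */
int checked_strcat(char *dest, const char *src, size_t size)
{
  size_t dlen = strlen(dest), slen = strlen(src);

  if (dlen >= size || slen >= size - dlen) return -1;
  memcpy(dest + dlen, src, slen + 1);
  return 0;
}

/* Hypothetical helper for deliberate truncation: memcpy() plus an explicit
 * terminator. Unlike strncpy() it writes len + 1 bytes, not the whole buffer.
 * Returns the number of characters kept. */
size_t truncating_copy(char *dest, const char *src, size_t size)
{
  size_t len = strlen(src);

  if (!size) return 0;
  if (len > size - 1) len = size - 1;
  memcpy(dest, src, len);
  dest[len] = 0;
  return len;
}

int main(void)
{
  char path[8] = "/mnt", name[4];   /* constructed sample values */

  /* Raw strncat(): the bound is the space left minus the terminator,
   * not sizeof(path). This call silently drops the final 'c'. */
  strncat(path, "/abc", sizeof(path) - strlen(path) - 1);
  printf("strncat kept: %s\n", path);

  /* The checked version reports the overflow so the caller can die loudly. */
  strcpy(path, "/mnt");
  if (checked_strcat(path, "/abc", sizeof(path))) {
    fprintf(stderr, "'%s' + '/abc' does not fit in %zu bytes\n", path, sizeof(path));
    /* a command line tool would exit(1) here */
  }
  truncating_copy(name, "toolong", sizeof(name));
  printf("truncated on purpose: %s\n", name);
  return 0;
}
```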
