From: Ben Pfaff Date: Tue, 22 Feb 2011 18:41:15 +0000 (-0800) Subject: util: Don't read over 'size - 1' bytes of source string in ovs_strlcpy(). X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e868fb3d322f5c46385f1fc6db5bb1ab33f90305;p=openvswitch util: Don't read over 'size - 1' bytes of source string in ovs_strlcpy(). The blind replacement of strncpy() by ovs_strlcpy() is risky because strncpy() never reads more bytes from its source string than necessary to write its destination string, but ovs_strlcpy() and the OpenBSD function that inspired it both read the entire source string. This avoids that problem. Given that change, we can use ovs_strlcpy() in a few more places, and this commit does that too. Coverity #10697,10696,10695,10694,10693,10692,10691,10690. --- diff --git a/lib/ofp-print.c b/lib/ofp-print.c index 0e2cb0f8..bf9bf82e 100644 --- a/lib/ofp-print.c +++ b/lib/ofp-print.c @@ -1315,8 +1315,7 @@ ofp_print_ofpst_table_reply(struct ds *string, const struct ofp_header *oh, for (; n--; ts++) { char name[OFP_MAX_TABLE_NAME_LEN + 1]; - strncpy(name, ts->name, sizeof name); - name[OFP_MAX_TABLE_NAME_LEN] = '\0'; + ovs_strlcpy(name, ts->name, sizeof name); ds_put_format(string, " %d: %-8s: ", ts->table_id, name); ds_put_format(string, "wild=0x%05"PRIx32", ", ntohl(ts->wildcards)); diff --git a/lib/route-table.c b/lib/route-table.c index 64a5c1e9..8212c546 100644 --- a/lib/route-table.c +++ b/lib/route-table.c @@ -111,7 +111,7 @@ route_table_get_name(ovs_be32 ip, char name[IFNAMSIZ]) nn = name_node_lookup(ifindex); if (nn) { - strncpy(name, nn->ifname, IFNAMSIZ); + ovs_strlcpy(name, nn->ifname, IFNAMSIZ); return true; } } @@ -445,8 +445,7 @@ name_table_reset(void) nn = xzalloc(sizeof *nn); nn->ifi_index = change.ifi_index; - strncpy(nn->ifname, change.ifname, IFNAMSIZ); - nn->ifname[IFNAMSIZ - 1] = '\0'; + ovs_strlcpy(nn->ifname, change.ifname, IFNAMSIZ); hmap_insert(&name_map, &nn->node, hash_int(nn->ifi_index, 0)); } } diff --git a/lib/util.c b/lib/util.c index 193efb92..1aa82714 100644 --- a/lib/util.c +++ b/lib/util.c @@ -137,14 +137,15 @@ xasprintf(const char *format, ...) return s; } +/* Similar to strlcpy() from OpenBSD, but it never reads more than 'size - 1' + * bytes from 'src' and doesn't return anything. */ void ovs_strlcpy(char *dst, const char *src, size_t size) { if (size > 0) { - size_t n = strlen(src); - size_t n_copy = MIN(n, size - 1); - memcpy(dst, src, n_copy); - dst[n_copy] = '\0'; + size_t len = strnlen(src, size - 1); + memcpy(dst, src, len); + dst[len] = '\0'; } }