d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Reverse the order of two loop invariant to ensure strlcat() does not

Browse Source 
attempt to read memory when siz is 0
- Clarify comments referring to strlcat() usage

PR:		24278, 24295
Submitted by:	Tony Finch <dot@dotat.at>
		Richard Kettlewell <rjk@greenend.org.uk>
Reviewed by:	-audit
This commit is contained in:
Chris D. Faulhaber 2001-01-17 20:51:16 +00:00
parent c059fe98ac
commit 420923e972
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=71191
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/libc/string/strlcat.c
View File

@ -25,6 +25,8 @@
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $FreeBSD$
*/
#if defined(LIBC_SCCS) && !defined(lint)
@ -37,8 +39,9 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
* full size of dst, not space left). At most siz-1 characters
* will be copied. Always NUL terminates (unless siz == 0).
* Returns strlen(src); if retval >= siz, truncation occurred.
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
* Returns strlen(initial dst) + strlen(src); if retval >= siz,
* truncation occurred.
*/
size_t strlcat(dst, src, siz)
char *dst;
@ -51,7 +54,7 @@ size_t strlcat(dst, src, siz)
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */
while (*d != '\0' && n-- != 0)
while (n-- != 0 && *d != '\0')
d++;
dlen = d - dst;
n = siz - dlen;

9
sys/libkern/strlcat.c
View File

@ -25,6 +25,8 @@
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $FreeBSD$
*/
#if defined(LIBC_SCCS) && !defined(lint)
@ -37,8 +39,9 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
* full size of dst, not space left). At most siz-1 characters
* will be copied. Always NUL terminates (unless siz == 0).
* Returns strlen(src); if retval >= siz, truncation occurred.
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
* Returns strlen(initial dst) + strlen(src); if retval >= siz,
* truncation occurred.
*/
size_t strlcat(dst, src, siz)
char *dst;
@ -51,7 +54,7 @@ size_t strlcat(dst, src, siz)
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */
while (*d != '\0' && n-- != 0)
while (n-- != 0 && *d != '\0')
d++;
dlen = d - dst;
n = siz - dlen;