numam-dpdk/lib/librte_eal/common/eal_common_string_fns.c
Gaetan Rivet b0236c7cf7 eal: add strscpy function
The strncpy function has long been deemed unsafe for use,
in favor of strlcpy or snprintf.

While snprintf is standard and strlcpy is still largely available,
they both have issues regarding error checking and performance.

Both will force reading the source buffer past the requested size
if the input is not a proper c-string, and will return the expected
number of bytes copied, meaning that error checking needs to verify
that the number of bytes copied is not superior to the destination
size.

This contributes to awkward code flow, unclear error checking and
potential issues with malformed input.

The function strscpy has been discussed for some time already and
has been made available in the linux kernel[1].

Propose this new function as a safe alternative.

[1]: http://git.kernel.org/linus/30c44659f4a3

Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Juhamatti Kuusisaari <juhamatti.kuusisaari@coriant.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2018-09-19 11:38:19 +02:00

67 lines
1.2 KiB
C

/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2010-2014 Intel Corporation
*/
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include <errno.h>
#include <rte_string_fns.h>
/* split string into tokens */
int
rte_strsplit(char *string, int stringlen,
char **tokens, int maxtokens, char delim)
{
int i, tok = 0;
int tokstart = 1; /* first token is right at start of string */
if (string == NULL || tokens == NULL)
goto einval_error;
for (i = 0; i < stringlen; i++) {
if (string[i] == '\0' || tok >= maxtokens)
break;
if (tokstart) {
tokstart = 0;
tokens[tok++] = &string[i];
}
if (string[i] == delim) {
string[i] = '\0';
tokstart = 1;
}
}
return tok;
einval_error:
errno = EINVAL;
return -1;
}
/* Copy src string into dst.
*
* Return negative value and NUL-terminate if dst is too short,
* Otherwise return number of bytes copied.
*/
ssize_t
rte_strscpy(char *dst, const char *src, size_t dsize)
{
size_t nleft = dsize;
size_t res = 0;
/* Copy as many bytes as will fit. */
while (nleft != 0) {
dst[res] = src[res];
if (src[res] == '\0')
return res;
res++;
nleft--;
}
/* Not enough room in dst, set NUL and return error. */
if (res != 0)
dst[res - 1] = '\0';
return -E2BIG;
}