[hackers] [sbase] ed: Don't use strlcpy() || Roberto E. Vargas Caballero

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <git_AT_suckless.org>
Date: Tue, 10 Jan 2017 08:56:46 +0100 (CET)

commit b95c8ed79e5d5322dd3c5c386c3acd62105ac116
Author: Roberto E. Vargas Caballero <roberto.vargas_AT_igrid-td.com>
AuthorDate: Tue Jan 10 08:46:48 2017 +0100
Commit: Roberto E. Vargas Caballero <roberto.vargas_AT_igrid-td.com>
CommitDate: Tue Jan 10 08:49:17 2017 +0100

    ed: Don't use strlcpy()

    All the buffers related to files have FILENAME_MAX size, so it is impossible
    to have any buffer overrun.

diff --git a/ed.c b/ed.c
index f579116..82fb784 100644
--- a/ed.c
+++ b/ed.c
_AT_@ -611,7 +611,7 @@ dowrite(const char *fname, int trunc)
         curln = line2;
         if (fclose(fp))
                 error("input/output error");
- if (strlcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
+ if (strcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
                 error("file name too long");
         modflag = 0;
         curln = line;
_AT_@ -743,8 +743,7 @@ getfname(char comm)
         } else {
                 *bp = '\0';
                 if (savfname[0] == '\0' || comm == 'e' || comm == 'f')
- if (strlcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
- error("file name too long");
+ strcpy(savfname, fname);
                 return fname;
         }

Received on Tue Jan 10 2017 - 08:56:46 CET

This archive was generated by hypermail 2.3.0 : Tue Jan 10 2017 - 09:00:24 CET