Re: [hackers] [sbase] ed: Don't use strlcpy() || Roberto E. Vargas Caballero

From: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
Date: Tue, 10 Jan 2017 09:45:05 +0100

On Tue, Jan 10, 2017 at 08:56:46AM +0100, git_AT_suckless.org wrote:
> commit b95c8ed79e5d5322dd3c5c386c3acd62105ac116
> Author: Roberto E. Vargas Caballero <roberto.vargas_AT_igrid-td.com>
> AuthorDate: Tue Jan 10 08:46:48 2017 +0100
> Commit: Roberto E. Vargas Caballero <roberto.vargas_AT_igrid-td.com>
> CommitDate: Tue Jan 10 08:49:17 2017 +0100
>
> ed: Don't use strlcpy()
>
> All the buffers related to files have FILENAME_MAX size, so it is impossible
> to have any buffer overrun.
>
> diff --git a/ed.c b/ed.c
> index f579116..82fb784 100644
> --- a/ed.c
> +++ b/ed.c
> _AT_@ -611,7 +611,7 @@ dowrite(const char *fname, int trunc)
> curln = line2;
> if (fclose(fp))
> error("input/output error");
> - if (strlcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
> + if (strcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
> error("file name too long");

I'm not sure if the strcpy check makes sense here. Is it intended?

To:
        strcpy(savfname, fname, sizeof(savfname));

> modflag = 0;
> curln = line;
> _AT_@ -743,8 +743,7 @@ getfname(char comm)
> } else {
> *bp = '\0';
> if (savfname[0] == '\0' || comm == 'e' || comm == 'f')
> - if (strlcpy(savfname, fname, sizeof(savfname)) >= sizeof(savfname))
> - error("file name too long");
> + strcpy(savfname, fname);
> return fname;
> }
>
>

-- 
Kind regards,
Hiltjo

Received on Tue Jan 10 2017 - 09:45:05 CET