From e5b7ca4bcea8c404d95e00f5db4c40d47b6e185b Mon Sep 17 00:00:00 2001
From: Andrew Yourtchenko <ayourtch@gmail.com>
Date: Fri, 29 Jan 2021 14:18:12 +0000
Subject: libmemif: fix insecure uses of strncpy

A calling patterm of "strncpy(dst, src, strlen(src))" invites a lot of troubles.

However, even using the target size may result in a problem if the string is
longer, since then the termination is not done.

Use strlcpy(dst, src, sizeof(dst)), which will always null-terminate
the string.

Change-Id: I8ddaf3dc8380a78af08914e81849279dae7ab24a
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
---
 extras/libmemif/src/memif_private.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'extras/libmemif/src/memif_private.h')

diff --git a/extras/libmemif/src/memif_private.h b/extras/libmemif/src/memif_private.h
index dd58d6256f3..59899fd6285 100644
--- a/extras/libmemif/src/memif_private.h
+++ b/extras/libmemif/src/memif_private.h
@@ -66,6 +66,33 @@ _Static_assert (strlen (MEMIF_DEFAULT_APP_NAME) <= MEMIF_NAME_LEN,
 #define DBG(...)
 #endif /* MEMIF_DBG */
 
+#ifndef HAS_LIB_BSD
+static inline size_t
+strlcpy (char *dest, const char *src, size_t len)
+{
+  const char *s = src;
+  size_t n = len;
+
+  while (--n > 0)
+    {
+      if ((*dest++ = *s++) == '\0')
+	break;
+    }
+
+  if (n == 0)
+    {
+      if (len != 0)
+	*dest = '\0';
+      while (*s++)
+	;
+    }
+
+  return (s - src - 1);
+}
+#else
+#include <bsd/string.h>
+#endif
+
 typedef enum
 {
   MEMIF_SOCKET_TYPE_NONE = 0,	/* unassigned, not used by any interface */
-- 
cgit 1.2.3-korg