From f09179f91aea0ca0b427a5097c0932dc64589fe0 Mon Sep 17 00:00:00 2001 From: Steven Date: Mon, 7 Jan 2019 20:32:01 -0800 Subject: strncpy_s_inline copies more bytes than necessary Given n equals to the maximum number of bytes to copy from src in the API, or the rough estimate strlen of src, strncpy_s_inline should not copy more than the number of bytes, computed by strlen(src), to dst if n is greater than strlen(src). The number of bytes to copy is computed by strnlen(src,n), not n. Change-Id: I088b46125d9776962750e121f1fbf441952efc2b Signed-off-by: Steven --- src/vppinfra/string.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/vppinfra') diff --git a/src/vppinfra/string.h b/src/vppinfra/string.h index d5686704c22..42f7890f3d0 100644 --- a/src/vppinfra/string.h +++ b/src/vppinfra/string.h @@ -103,7 +103,7 @@ void clib_memswap (void *_a, void *_b, uword bytes); * In order to provide smooth mapping from unsafe string API to the clib string * macro, we often have to improvise s1max and s2max due to the additional * arguments are required for implementing the safe API. This macro is used - * to provide the s1max/s2max. It is not perfect becuase the actual + * to provide the s1max/s2max. It is not perfect because the actual * s1max/s2max may be greater than 4k and the mapping from the unsafe API to * the macro would cause a regression. However, it is not terribly likely. * So I bet against the odds. @@ -1025,7 +1025,8 @@ strncpy_s_inline (char *__restrict__ dest, rsize_t dmax, } } else - m = n; + /* cap the copy to strlen(src) in case n > strlen(src) */ + m = clib_strnlen (src, n); /* Check for src/dst overlap, which is not allowed */ low = (uword) (src < dest ? src : dest); -- cgit 1.2.3-korg