Mailing List Archive

strlcpy patch
Hi,

after looking into the clamav sourcecode I took the time to convert
most strncpy and strncat calls into strlcpy and strlcat.
The strl** variants guarantee that the destination string is NULL
terminated, which was not always the case in the current code.

I have put the strl** definitions in #if clauses since they are
natively provided in some BSD variants.

The patch is against clamav 0.70-rc.

Cheers, Bastian

--
,''`. Bastian Kleineidam . calvin (at) debian.org
: :' :
`. `' GnuPG Schlüssel http://kampfwurst.net/gpgkey.txt
`-

Sitzen zwei Glühbirnen im Keller und stricken Atomsocken. BUMM.
Was ist passiert? Eine hat ne Masche verloren.
Re: strlcpy patch [ In reply to ]
*shameless plug*

> I have put the strl** definitions in #if clauses since they are
> natively provided in some BSD variants.

Just incase you want to know about other twitchy C functions, there's a book at;

http://www.pldaniels.com/public
(only link on the page)

it's incomplete at the moment, but it covers a lot of the perils of C, including the somewhat painful issue about
strncpy().

Regards.

--
Paul L Daniels - PLD Software - Xamime
Unix systems Internet Development A.B.N. 19 500 721 806
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
PGP Public Key at http://www.pldaniels.com/gpg-keys.pld
Re: strlcpy patch [ In reply to ]
On Monday 05 April 2004 11:08, Bastian Kleineidam wrote:

> The patch is against clamav 0.70-rc.

imho it would be better to use sizeof(header) instead of some magic number in
the code.. for example here, sigtool.c:

/* MD5 */
pt = cl_md5file(gzfile);
- strcat(header, pt);
+ strlcat(header, pt, 513);
free(pt);
- strcat(header, ":");
+ strlcat(header, ":", 513);
Re: strlcpy patch [ In reply to ]
On Mon, Apr 05, 2004 at 11:51:29AM +0200, Dirk Mueller wrote:
> On Monday 05 April 2004 11:08, Bastian Kleineidam wrote:
>
> > The patch is against clamav 0.70-rc.
>
> imho it would be better to use sizeof(header) instead of some magic number in
> the code.. for example here, sigtool.c:
Yes, thanks. Just replace every 513 in those strl** with sizeof(header).
I attached an updated patch.


Ciao, Bastian
--
,''`. Bastian Kleineidam . calvin (at) debian.org
: :' :
`. `' GnuPG Schlüssel http://kampfwurst.net/gpgkey.txt
`-

F: Warum heisst ein Löwe eigentlich Löwe?
A: Weil er durch die Wüste löft.
Re: strlcpy patch [ In reply to ]
On Mon, 5 Apr 2004 15:49:58 +0200
Bastian Kleineidam <calvin@users.sourceforge.net> wrote:

>
> On Mon, Apr 05, 2004 at 11:51:29AM +0200, Dirk Mueller wrote:
> > On Monday 05 April 2004 11:08, Bastian Kleineidam wrote:
> >
> > > The patch is against clamav 0.70-rc.
> >
> > imho it would be better to use sizeof(header) instead of some magic
> > number in the code.. for example here, sigtool.c:
> Yes, thanks. Just replace every 513 in those strl** with
> sizeof(header). I attached an updated patch.

Could you please create a patch against the CVS version?

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Mon Apr 5 21:53:56 CEST 2004
Re: strlcpy patch [ In reply to ]
On Mon, Apr 05, 2004 at 09:55:16PM +0200, Tomasz Kojm wrote:
> Could you please create a patch against the CVS version?
Here is the patch against CVS. I used the shared/ directory to
store the new strl* functions.

Cheers, Bastian

--
,''`. Bastian Kleineidam . calvin (at) debian.org
: :' :
`. `' GnuPG Schlüssel http://kampfwurst.net/gpgkey.txt
`-

F: Warum heisst ein Löwe eigentlich Löwe?
A: Weil er durch die Wüste löft.
Re: strlcpy patch [ In reply to ]
On Tue, Apr 06, 2004 at 11:15:52AM +0200, Bastian Kleineidam wrote:
> On Mon, Apr 05, 2004 at 09:55:16PM +0200, Tomasz Kojm wrote:
> > Could you please create a patch against the CVS version?
> Here is the patch against CVS. I used the shared/ directory to
> store the new strl* functions.

Haha, the new files were missing: shared/strutil.[ch]
They are attached.

--
,''`. Bastian Kleineidam . calvin (at) debian.org
: :' :
`. `' GnuPG Schlüssel http://kampfwurst.net/gpgkey.txt
`-
The metric system is a tool of the devil!
My car gets 40 rods to the hogshead, and that's the way I like it.
- Homer Simpson
Re: strlcpy patch [ In reply to ]
On Tue, 6 Apr 2004 12:09:18 +0200
Bastian Kleineidam <calvin@users.sourceforge.net> wrote:

> On Tue, Apr 06, 2004 at 11:15:52AM +0200, Bastian Kleineidam wrote:
> > On Mon, Apr 05, 2004 at 09:55:16PM +0200, Tomasz Kojm wrote:
> > > Could you please create a patch against the CVS version?
> > Here is the patch against CVS. I used the shared/ directory to
> > store the new strl* functions.
>
> Haha, the new files were missing: shared/strutil.[ch]
> They are attached.

Thank you, applied with small changes (next time please remember about
#includes ;-)). I assumed you are the author of strutil.c and added a
proper copyright notice, hope that's OK.

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Apr 6 14:08:55 CEST 2004
Re: strlcpy patch [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Tue, Apr 06, 2004 at 02:18:09PM +0200, Tomasz Kojm wrote:
> Thank you, applied with small changes (next time please remember about
> #includes ;-)). I assumed you are the author of strutil.c and added a
> proper copyright notice, hope that's OK.

Ah, sorry for the missing includes :)

I copied strl* from the linux kernel lib/string.c which has the following
copyright:
/*
* linux/lib/string.c
*
* Copyright (C) 1991, 1992 Linus Torvalds
*/

And while at it, here are the function docs, you can add them too.

/**
* strlcpy - Copy a %NUL terminated string into a sized buffer
* @dest: Where to copy the string to
* @src: Where to copy the string from
* @size: size of destination buffer
*
* Compatible with *BSD: the result is always a valid
* NUL-terminated string that fits in the buffer (unless,
* of course, the buffer size is zero). It does not pad
* out the result like strncpy() does.
*/


/**
* strlcat - Append a length-limited, %NUL-terminated string to another
* @dest: The string to be appended to
* @src: The string to append to it
* @count: The size of the destination buffer.
*/


Ciao, Bastian

- --
,''`. Bastian Kleineidam . calvin (at) debian.org
: :' :
`. `' GnuPG Schlüssel http://kampfwurst.net/gpgkey.txt
`-

Zwei Kerzen: "Was machst Du heute abend?" -- "Ich glaube ich gehe aus."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAcrameBwlBDLsbz4RAi0XAJ4zB7pJiV+tW3pb6Q2jN8fykv8sPQCgy/aU
1QjXC861/IegUf607upQMGU=
=+Slg
-----END PGP SIGNATURE-----