[src/trunk]: src/usr.sbin/makemandb Fix possible buffer overflow when concate...

[abhinav <abhinav%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d8e005d34287
branches:  trunk
changeset: 346298:d8e005d34287
user:      abhinav <abhinav%NetBSD.org@localhost>
date:      Wed Jul 06 06:57:40 2016 +0000

description:
Fix possible buffer overflow when concatenating strings.
Patch from christos@

diffstat:

 usr.sbin/makemandb/apropos-utils.c |  19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diffs (58 lines):

diff -r e107f3efa06e -r d8e005d34287 usr.sbin/makemandb/apropos-utils.c
--- a/usr.sbin/makemandb/apropos-utils.c        Wed Jul 06 06:30:08 2016 +0000
+++ b/usr.sbin/makemandb/apropos-utils.c        Wed Jul 06 06:57:40 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: apropos-utils.c,v 1.26 2016/06/01 15:59:18 abhinav Exp $       */
+/*     $NetBSD: apropos-utils.c,v 1.27 2016/07/06 06:57:40 abhinav Exp $       */
 /*-
  * Copyright (c) 2011 Abhinav Upadhyay <er.abhinav.upadhyay%gmail.com@localhost>
  * All rights reserved.
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: apropos-utils.c,v 1.26 2016/06/01 15:59:18 abhinav Exp $");
+__RCSID("$NetBSD: apropos-utils.c,v 1.27 2016/07/06 06:57:40 abhinav Exp $");
 
 #include <sys/queue.h>
 #include <sys/stat.h>
@@ -109,7 +109,7 @@
 void
 concat2(char **dst, const char *src, size_t srclen)
 {
-       size_t total_len, dst_len;
+       size_t totallen, dstlen;
        assert(src != NULL);
 
        /*
@@ -117,23 +117,24 @@
         * strdup the source buffer
         */
        if (*dst == NULL) {
-               *dst = estrdup(src);
+               *dst = estrndup(src, srclen);
                return;
        }
 
-       dst_len = strlen(*dst);
+       dstlen = strlen(*dst);
        /*
         * NUL Byte and separator space
         */
-       total_len = dst_len + srclen + 2;
+       totallen = dstlen + srclen + 2;
 
-       *dst = erealloc(*dst, total_len);
+       *dst = erealloc(*dst, totallen);
 
        /* Append a space at the end of dst */
-       (*dst)[dst_len++] = ' ';
+       (*dst)[dstlen++] = ' ';
 
        /* Now, copy src at the end of dst */
-       memcpy(*dst + dst_len, src, srclen + 1);
+       memcpy(*dst + dstlen, src, srclen);
+       (*dst)[dstlen + srclen + 1] = '\0';
 }
 
 void