Subject: Re: CVS commit: basesrc
To: None <christos@netbsd.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: source-changes
Date: 09/15/2000 12:02:07
CPPFLAGS+= \
'-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
'-Dstrlcat=strncat' \
'-Dsl_add(a,b)=(sl_add(a,b),0)'
I strongly advise against using an ftpd build this way.
It is possible (perhaps even likely) that a 1.4.2 ftpd built with this
value of CPPFLAGS may be vulnerable to buffer overrun attacks.
The strn* and strl* function families do *not* have equivalent
bounds-checking and null-termination behavior.
For instance, strncat appends at most c characters, yielding a string
of length at most strlen(a)+c, occupying strlen(a)+c+1 bytes; strlcat
is guaranteed to produce a null-terminated string no longer than c-1
characters, occupying no more than c bytes.
Some untested, but potentially more correct (albeit not exactly
equivalent) replacements:
strlcat(a,b,c) could be replaced by strncat(a,b,max(0,c-strlen(a)-1))
strlcpy(a,b,c) could with (strncpy(a,b,c-1),a[c-1]=0,strlen(a))
- Bill