diff options
| author | dtucker <> | 2016-10-14 18:19:04 +0000 |
|---|---|---|
| committer | dtucker <> | 2016-10-14 18:19:04 +0000 |
| commit | fd9bf17b83993290e35c8d524c712af4003fa6ba (patch) | |
| tree | b6389db570c445961bdaf8c657dc9a09b80b453a /src/lib/libc/string | |
| parent | c870335aee6efe920863d15f06b388eaf6ad1f1a (diff) | |
| download | openbsd-fd9bf17b83993290e35c8d524c712af4003fa6ba.tar.gz openbsd-fd9bf17b83993290e35c8d524c712af4003fa6ba.tar.bz2 openbsd-fd9bf17b83993290e35c8d524c712af4003fa6ba.zip | |
Cast pointers to uintptr_t to avoid potential signedness errors.
Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608,
with & ok millert, ok deraadt.
Diffstat (limited to 'src/lib/libc/string')
| -rw-r--r-- | src/lib/libc/string/strlcat.c | 12 | ||||
| -rw-r--r-- | src/lib/libc/string/strlcpy.c | 10 | ||||
| -rw-r--r-- | src/lib/libc/string/strnlen.c | 9 |
3 files changed, 24 insertions, 7 deletions
diff --git a/src/lib/libc/string/strlcat.c b/src/lib/libc/string/strlcat.c index 073b0d4259..410f448b56 100644 --- a/src/lib/libc/string/strlcat.c +++ b/src/lib/libc/string/strlcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: strlcat.c,v 1.16 2015/08/31 02:53:57 guenther Exp $ */ | 1 | /* $OpenBSD: strlcat.c,v 1.17 2016/10/14 18:19:04 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com> |
| @@ -18,6 +18,7 @@ | |||
| 18 | 18 | ||
| 19 | #include <sys/types.h> | 19 | #include <sys/types.h> |
| 20 | #include <string.h> | 20 | #include <string.h> |
| 21 | #include <stdint.h> | ||
| 21 | 22 | ||
| 22 | /* | 23 | /* |
| 23 | * Appends src to string dst of size dsize (unlike strncat, dsize is the | 24 | * Appends src to string dst of size dsize (unlike strncat, dsize is the |
| @@ -37,7 +38,7 @@ strlcat(char *dst, const char *src, size_t dsize) | |||
| 37 | /* Find the end of dst and adjust bytes left but don't go past end. */ | 38 | /* Find the end of dst and adjust bytes left but don't go past end. */ |
| 38 | while (n-- != 0 && *dst != '\0') | 39 | while (n-- != 0 && *dst != '\0') |
| 39 | dst++; | 40 | dst++; |
| 40 | dlen = dst - odst; | 41 | dlen = (uintptr_t)dst - (uintptr_t)odst; |
| 41 | n = dsize - dlen; | 42 | n = dsize - dlen; |
| 42 | 43 | ||
| 43 | if (n-- == 0) | 44 | if (n-- == 0) |
| @@ -51,6 +52,11 @@ strlcat(char *dst, const char *src, size_t dsize) | |||
| 51 | } | 52 | } |
| 52 | *dst = '\0'; | 53 | *dst = '\0'; |
| 53 | 54 | ||
| 54 | return(dlen + (src - osrc)); /* count does not include NUL */ | 55 | /* |
| 56 | * Cast pointers to unsigned type before calculation, to avoid signed | ||
| 57 | * overflow when the string ends where the MSB has changed. | ||
| 58 | * Return value does not include NUL. | ||
| 59 | */ | ||
| 60 | return (dlen + ((uintptr_t)src - (uintptr_t)osrc)); | ||
| 55 | } | 61 | } |
| 56 | DEF_WEAK(strlcat); | 62 | DEF_WEAK(strlcat); |
diff --git a/src/lib/libc/string/strlcpy.c b/src/lib/libc/string/strlcpy.c index 5fcf084aaa..f282834680 100644 --- a/src/lib/libc/string/strlcpy.c +++ b/src/lib/libc/string/strlcpy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: strlcpy.c,v 1.13 2015/08/31 02:53:57 guenther Exp $ */ | 1 | /* $OpenBSD: strlcpy.c,v 1.14 2016/10/14 18:19:04 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com> |
| @@ -18,6 +18,7 @@ | |||
| 18 | 18 | ||
| 19 | #include <sys/types.h> | 19 | #include <sys/types.h> |
| 20 | #include <string.h> | 20 | #include <string.h> |
| 21 | #include <stdint.h> | ||
| 21 | 22 | ||
| 22 | /* | 23 | /* |
| 23 | * Copy string src to buffer dst of size dsize. At most dsize-1 | 24 | * Copy string src to buffer dst of size dsize. At most dsize-1 |
| @@ -46,6 +47,11 @@ strlcpy(char *dst, const char *src, size_t dsize) | |||
| 46 | ; | 47 | ; |
| 47 | } | 48 | } |
| 48 | 49 | ||
| 49 | return(src - osrc - 1); /* count does not include NUL */ | 50 | /* |
| 51 | * Cast pointers to unsigned type before calculation, to avoid signed | ||
| 52 | * overflow when the string ends where the MSB has changed. | ||
| 53 | * Return value does not include NUL. | ||
| 54 | */ | ||
| 55 | return((uintptr_t)src - (uintptr_t)osrc - 1); | ||
| 50 | } | 56 | } |
| 51 | DEF_WEAK(strlcpy); | 57 | DEF_WEAK(strlcpy); |
diff --git a/src/lib/libc/string/strnlen.c b/src/lib/libc/string/strnlen.c index 26e9743f18..33c3b6e2ca 100644 --- a/src/lib/libc/string/strnlen.c +++ b/src/lib/libc/string/strnlen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: strnlen.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ | 1 | /* $OpenBSD: strnlen.c,v 1.7 2016/10/14 18:19:04 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com> |
| @@ -19,6 +19,7 @@ | |||
| 19 | #include <sys/types.h> | 19 | #include <sys/types.h> |
| 20 | 20 | ||
| 21 | #include <string.h> | 21 | #include <string.h> |
| 22 | #include <stdint.h> | ||
| 22 | 23 | ||
| 23 | size_t | 24 | size_t |
| 24 | strnlen(const char *str, size_t maxlen) | 25 | strnlen(const char *str, size_t maxlen) |
| @@ -28,6 +29,10 @@ strnlen(const char *str, size_t maxlen) | |||
| 28 | for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) | 29 | for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) |
| 29 | ; | 30 | ; |
| 30 | 31 | ||
| 31 | return (size_t)(cp - str); | 32 | /* |
| 33 | * Cast pointers to unsigned type before calculation, to avoid signed | ||
| 34 | * overflow when the string ends where the MSB has changed. | ||
| 35 | */ | ||
| 36 | return (size_t)((uintptr_t)cp - (uintptr_t)str); | ||
| 32 | } | 37 | } |
| 33 | DEF_WEAK(strnlen); | 38 | DEF_WEAK(strnlen); |