diff options
| author | millert <> | 1999-06-17 16:28:58 +0000 | 
|---|---|---|
| committer | millert <> | 1999-06-17 16:28:58 +0000 | 
| commit | 119cda95bf950cdcba7a16178e7f48fdf84f58d0 (patch) | |
| tree | 037ab4c3eafb97e4121e9fc27cbb82dbcc5a3b6d /src/lib/libc | |
| parent | 05fa287fa4090ddc8e0efcfeec475b38bf9445e0 (diff) | |
| download | openbsd-119cda95bf950cdcba7a16178e7f48fdf84f58d0.tar.gz openbsd-119cda95bf950cdcba7a16178e7f48fdf84f58d0.tar.bz2 openbsd-119cda95bf950cdcba7a16178e7f48fdf84f58d0.zip | |
When finding the end of dst, never traverse more than siz bytes.  This
keeps us from misbehaving if the user gives us a src string that is not
NUL-terminated.  This is one of those "should not happen" cases but it
is good to play it safe.  Pointed out by Casper Dik <casper@holland.sun.com>
Diffstat (limited to 'src/lib/libc')
| -rw-r--r-- | src/lib/libc/string/strlcat.c | 10 | 
1 files changed, 5 insertions, 5 deletions
| diff --git a/src/lib/libc/string/strlcat.c b/src/lib/libc/string/strlcat.c index 2e8c56926e..599994edf5 100644 --- a/src/lib/libc/string/strlcat.c +++ b/src/lib/libc/string/strlcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $ */ | 1 | /* $OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $ */ | 
| 2 | 2 | ||
| 3 | /* | 3 | /* | 
| 4 | * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> | 
| @@ -28,7 +28,7 @@ | |||
| 28 | */ | 28 | */ | 
| 29 | 29 | ||
| 30 | #if defined(LIBC_SCCS) && !defined(lint) | 30 | #if defined(LIBC_SCCS) && !defined(lint) | 
| 31 | static char *rcsid = "$OpenBSD: strlcat.c,v 1.1 1998/07/01 01:29:45 millert Exp $"; | 31 | static char *rcsid = "$OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $"; | 
| 32 | #endif /* LIBC_SCCS and not lint */ | 32 | #endif /* LIBC_SCCS and not lint */ | 
| 33 | 33 | ||
| 34 | #include <sys/types.h> | 34 | #include <sys/types.h> | 
| @@ -50,11 +50,11 @@ size_t strlcat(dst, src, siz) | |||
| 50 | register size_t n = siz; | 50 | register size_t n = siz; | 
| 51 | size_t dlen; | 51 | size_t dlen; | 
| 52 | 52 | ||
| 53 | /* Find the end of dst and adjust bytes left */ | 53 | /* Find the end of dst and adjust bytes left but don't go past end */ | 
| 54 | while (*d != '\0' && n != 0) | 54 | while (*d != '\0' && n-- != 0) | 
| 55 | d++; | 55 | d++; | 
| 56 | dlen = d - dst; | 56 | dlen = d - dst; | 
| 57 | n -= dlen; | 57 | n = siz - dlen; | 
| 58 | 58 | ||
| 59 | if (n == 0) | 59 | if (n == 0) | 
| 60 | return(dlen + strlen(s)); | 60 | return(dlen + strlen(s)); | 
