From fd9bf17b83993290e35c8d524c712af4003fa6ba Mon Sep 17 00:00:00 2001
From: dtucker <>
Date: Fri, 14 Oct 2016 18:19:04 +0000
Subject: Cast pointers to uintptr_t to avoid potential signedness errors.
 Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with
 & ok millert, ok deraadt.

---
 src/lib/libc/string/strlcpy.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/lib/libc/string/strlcpy.c')

diff --git a/src/lib/libc/string/strlcpy.c b/src/lib/libc/string/strlcpy.c
index 5fcf084aaa..f282834680 100644
--- a/src/lib/libc/string/strlcpy.c
+++ b/src/lib/libc/string/strlcpy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: strlcpy.c,v 1.13 2015/08/31 02:53:57 guenther Exp $	*/
+/*	$OpenBSD: strlcpy.c,v 1.14 2016/10/14 18:19:04 dtucker Exp $	*/
 
 /*
  * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -18,6 +18,7 @@
 
 #include <sys/types.h>
 #include <string.h>
+#include <stdint.h>
 
 /*
  * Copy string src to buffer dst of size dsize.  At most dsize-1
@@ -46,6 +47,11 @@ strlcpy(char *dst, const char *src, size_t dsize)
 			;
 	}
 
-	return(src - osrc - 1);	/* count does not include NUL */
+	/*
+	 * Cast pointers to unsigned type before calculation, to avoid signed
+	 * overflow when the string ends where the MSB has changed.
+	 * Return value does not include NUL.
+	 */
+	return((uintptr_t)src - (uintptr_t)osrc - 1); 
 }
 DEF_WEAK(strlcpy);
-- 
cgit v1.2.3-55-g6feb