On Sun, Sep 04, 2016 at 07:42:01PM -0700, Kevin J. McCarthy wrote:
> Lastly, I'd recommend using strfcpy instead of strncpy below, just to
> avoid the theoretical possibility where tmp->data is 1024 or bigger.
> 
> > diff --git a/init.c b/init.c
> > +    /* Format var=value string */
> > +    strncpy(work, tmp->data, sizeof(work));
> > +    len = strlen(work);
> > +   work[len++] = '=';
> > +    mutt_extract_token (tmp, s, 0);
> > +    strncpy(&work[len], tmp->data, sizeof(work)-len);
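Review bot: the first strncpy() leaves `work` without a terminating NUL whenever tmp->data is sizeof(work) bytes or longer, so the `len = strlen(work)` that follows reads past the end of the buffer; and even when the copy is terminated, a string of sizeof(work)-1 characters makes `work[len++] = '='` overwrite the terminator at index sizeof(work)-1 and leaves `sizeof(work)-len` equal to 0, so the second strncpy() copies nothing and `work` again has no terminator (the same happens whenever the second token fills the remaining space exactly). Check the length before appending the '=', and replace both strncpy() calls with a bounded copy whose return value is checked (strfcpy() as suggested above, or `snprintf(work, sizeof(work), "%s", tmp->data)` with a test for `rc >= sizeof(work)`) so an over-long token is rejected rather than silently truncated. Minor: the `work[len++] = '='` line is indented one space short of its neighbours.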

That's a good point--strncmp() really should never be used to make
sure that the source string fits into the destination string, as it
will silently truncate the string, which is often as bad if not worse
than a buffer overrun.  Someone got it in their head that strncpy()
(and friends, like strncmp()) should be used for string security, and
started spreading that lie, and now its use in that context has become
somewhat ubiquitous; but it's wrong.

Is strfcpy() widely available?  For instance, on the machine I'm using
at this moment it does not appear to be (based on its apparent absence
from the man pages on the system--though admittedly, what I'm doing is
trying to resurrect an old system--but it's not THAT old).  I thought
that family of functions was a non-standard extension, though I may be
mistaken.

A better approach (than strncpy) is to use snprintf():

    // size = strlen(src) if that's safe, or whatever
    int rc = snprintf(dest, size, "%s", src);

if rc >= size, your token was too big, and you should error (or resize
dest, if that's an option).  Or, with older libcs, if rc = -1, same
deal.
  
More worrisome is that mutt_extract_token() seems to have no bounds
checking, though I don't really have time to read the code and examine
its use just now--it's rather complicated and I'm about to be late for
a BBQ.  =8^)

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

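The approach the reply recommends (every copy bounded with snprintf() and its return value checked, so an over-long token is an error rather than a silent truncation), as an added example that is neither mutt's code nor Derek's. `format_var_value` and `strncpy_left_terminator` are hypothetical names and WORK_SIZE is a constructed, deliberately small buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not mutt's code. format_var_value() is a hypothetical
 * replacement for the quoted hunk's strncpy() sequence; strncpy_left_terminator()
 * shows the pitfall the reply describes. */

#define WORK_SIZE 16  /* constructed: small enough that truncation is easy to hit */

/* Returns 1 if strncpy() left a NUL inside `work`, 0 if it filled all `size`
 * bytes with no terminator. In the latter case the hunk's strlen(work) would
 * read past the end of the buffer. */
int strncpy_left_terminator(const char *src, char *work, size_t size)
{
    memset(work, 'X', size);            /* make a missing NUL observable */
    strncpy(work, src, size);
    return memchr(work, '\0', size) != NULL;
}

/* Builds "var=value" in `work` (capacity `size`). Returns 0 on success and -1
 * if any piece would not fit; `work` is always NUL-terminated on return. */
int format_var_value(char *work, size_t size, const char *var, const char *value)
{
    int rc;
    size_t len;

    rc = snprintf(work, size, "%s", var);
    if (rc < 0 || (size_t)rc >= size)   /* rc >= size: var was truncated */
        return -1;
    len = (size_t)rc;

    if (len + 1 >= size)                /* need room for '=' and the trailing NUL */
        return -1;
    work[len++] = '=';
    work[len] = '\0';

    rc = snprintf(&work[len], size - len, "%s", value);
    if (rc < 0 || (size_t)rc >= size - len)
        return -1;                      /* value did not fit after "var=" */
    return 0;
}

int main(void)
{
    char work[WORK_SIZE];
    printf("fits: %d\n", format_var_value(work, sizeof work, "editor", "vim"));
    printf("%s\n", work);
    printf("too long: %d\n", format_var_value(work, sizeof work, "editor", "emacsclient -n"));
    printf("strncpy kept NUL: %d\n", strncpy_left_terminator("0123456789abcdef", work, sizeof work));
    return 0;
}
```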