Re: mg: Fix Coverity Scan warning: Insecure data handling

2021-03-09 Thread Mark Lumsden
Thanks Todd. I'll pass your analysis on to Joachim. Date: Tue, 09 Mar 2021 14:14:33 -0700 From: Todd C. Miller To: Mark Lumsden Cc: tech@openbsd.org Subject: Re: mg: Fix Coverity Scan warning: Insecure data handling On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote: Here is a diff

mg: Fix Coverity Scan warning: Insecure data handling

2021-03-09 Thread Mark Lumsden
Here is a diff from Joachim Wiberg's version of mg. "The strlcpy() function is guaranteed to never copy more than 'len - 1' bytes, so there is no need to check if we copied more. This is a bogus warning since the introduction of strlcpy()." Tested and seems reasonable. ok? Index: cinfo.c

Re: mg: Fix Coverity Scan warning: Insecure data handling

2021-03-09 Thread Theo de Raadt
Todd C. Miller wrote: > On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote: > > > Here is a diff from Joachim Wiberg's version of mg. > > > > "The strlcpy() function is guaranteed to never copy more than 'len - 1' > > bytes, so there is no need to check if we copied more. This is a bogus >

Re: mg: Fix Coverity Scan warning: Insecure data handling

2021-03-09 Thread Todd C . Miller
On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote: > Here is a diff from Joachim Wiberg's version of mg. > > "The strlcpy() function is guaranteed to never copy more than 'len - 1' > bytes, so there is no need to check if we copied more. This is a bogus > warning since the introduction of