Thanks Todd. I'll pass your analysis on to Joachim.
Date: Tue, 09 Mar 2021 14:14:33 -0700
From: Todd C. Miller
To: Mark Lumsden
Cc: tech@openbsd.org
Subject: Re: mg: Fix Coverity Scan warning: Insecure data handling
On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote:
Here is a diff
Here is a diff from Joachim Wiberg's version of mg.
"The strlcpy() function is guaranteed to never copy more than 'len - 1'
bytes, so there is no need to check if we copied more. This is a bogus
warning since the introduction of strlcpy()."
Tested and seems reasonable. ok?
Index: cinfo.c
Todd C. Miller wrote:
> On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote:
>
> > Here is a diff from Joachim Wiberg's version of mg.
> >
> > "The strlcpy() function is guaranteed to never copy more than 'len - 1'
> > bytes, so there is no need to check if we copied more. This is a bogus
>
On Tue, 09 Mar 2021 20:14:19 +, Mark Lumsden wrote:
> Here is a diff from Joachim Wiberg's version of mg.
>
> "The strlcpy() function is guaranteed to never copy more than 'len - 1'
> bytes, so there is no need to check if we copied more. This is a bogus
> warning since the introduction of