Re: ssh: xstrdup(): use memcpy(3)

[Todd C . Miller]

On Wed, 09 Mar 2022 19:20:08 -0600, Scott Cheloha wrote:

> The strdup(3) implementation in libc uses memcpy(3), not strlcpy(3).
>
> There is no upside to using strlcpy(3) here if we know the length of
> str before we copy it to the destination buffer.

Sure, using memcpy() here is fine since the length includes space
for the NUL terminator.  OK millert@

 - todd

ssh: xstrdup(): use memcpy(3)

[Scott Cheloha]

The strdup(3) implementation in libc uses memcpy(3), not strlcpy(3).

There is no upside to using strlcpy(3) here if we know the length of
str before we copy it to the destination buffer.

... unless we're worried the length of str will change?  Which would
be very paranoid.  But if that's the case we should be checking that
the return value of strlcpy(3) equals len and calling fatal() if it
isn't.

ok?

Index: xmalloc.c
===
RCS file: /cvs/src/usr.bin/ssh/xmalloc.c,v
retrieving revision 1.36
diff -u -p -r1.36 xmalloc.c
--- xmalloc.c   12 Nov 2019 22:32:48 -  1.36
+++ xmalloc.c   10 Mar 2022 01:06:54 -
@@ -85,8 +85,7 @@ xstrdup(const char *str)
 
len = strlen(str) + 1;
cp = xmalloc(len);
-   strlcpy(cp, str, len);
-   return cp;
+   return memcpy(cp, str, len);
 }
 
 int