On 2023/03/19 08:11:27 -0600, Todd C. Miller <mill...@openbsd.org> wrote:
> The current code for extracting the token name from %{name} can be
> simplified by computing the token name length.  The existing code
> copies "name}" to token[] using memcpy(), then strchr() to find the
> '}' and replace it with a NUL.  Using strchr() here is fragile since
> token[] is not yet NUL-terminated.  This is currently not a problem
> since there is an earlier check for '}' in the source string but
> it could be dangerous if the code changes further.
> 
> I find it much simpler to compute the token name length, verify the
> length, copy the bytes and then explicitly NUL-terminate token.
> This results in less code and is more easily audited.

Agreed, I find it simpler too, and less fragile.

> I've also removed the duplicate check for *(pbuf+1) != '{'.
> 
> OK?

(while I still have the details fresh in my mind) ok for me
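As an added illustration (not Todd's diff and not the project's own code), the length-based approach described above: locate '}' in the still NUL-terminated source, check the length against the buffer, copy, then terminate explicitly. The TOKEN_MAX size and the extract_token() helper are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

#define TOKEN_MAX 32   /* assumed size of token[]; not from the thread */

/*
 * Extract the name from a "%{name}" sequence. pbuf must point at the '%'.
 * Returns the number of source bytes consumed (the whole "%{name}"),
 * or 0 on error: missing "%{", no closing '}', empty name, or a name
 * that does not fit in token[] together with its NUL terminator.
 * On success token[] is always NUL-terminated; strchr() is only ever
 * called on the NUL-terminated source, never on the partial copy.
 */
size_t extract_token(const char *pbuf, char *token, size_t tokensize)
{
    const char *start, *end;
    size_t len;

    if (pbuf[0] != '%' || pbuf[1] != '{')
        return 0;
    start = pbuf + 2;
    end = strchr(start, '}');           /* search the source, not token[] */
    if (end == NULL)
        return 0;
    len = (size_t)(end - start);
    if (len == 0 || len >= tokensize)   /* verify length, leave room for NUL */
        return 0;
    memcpy(token, start, len);          /* copy exactly len bytes */
    token[len] = '\0';                  /* explicit NUL termination */
    return len + 3;                     /* '%', '{', name, '}' */
}
```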
