Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Browse Source

Use somewhat harsher language and better examples; demonstrate that 

non-dangerous use functions is difficult.
ok guenther
OPENBSD_5_6
deraadt 10 years ago
parent
15e68710e4
commit
ce2837fd80
4 changed files with 88 additions and 109 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +9
    -12
      src/lib/libc/string/strcat.3
  2. +13
    -21
      src/lib/libc/string/strcpy.3
  3. +45
    -40
      src/lib/libc/string/strncat.3
  4. +21
    -36
      src/lib/libc/string/strncpy.3

+ 9
- 12
src/lib/libc/string/strcat.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: strcat.3,v 1.16 2013/12/19 20:52:37 millert Exp $
.\" $OpenBSD: strcat.3,v 1.17 2014/04/19 11:30:40 deraadt Exp $
.\" .\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" Copyright (c) 1990, 1991 The Regents of the University of California.
.\" All rights reserved. .\" All rights reserved.
@ -31,12 +31,12 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: December 19 2013 $
.Dd $Mdocdate: April 19 2014 $
.Dt STRCAT 3 .Dt STRCAT 3
.Os .Os
.Sh NAME .Sh NAME
.Nm strcat .Nm strcat
.Nd concatenate two strings
.Nd concatenate two strings without bounds checking
.Sh SYNOPSIS .Sh SYNOPSIS
.In string.h .In string.h
.Ft char * .Ft char *
@ -50,22 +50,19 @@ to the end of the NUL-terminated string
.Fa s , .Fa s ,
then adds a terminating then adds a terminating
.Ql \e0 . .Ql \e0 .
The string
.Fa s
must have sufficient space to hold the result.
.Pp
No bounds checking is performed.
If the buffer
.Fa dst
is not large enough to hold the result,
subsequent memory will be damaged.
.Sh RETURN VALUES .Sh RETURN VALUES
The The
.Fn strcat .Fn strcat
function return the pointer function return the pointer
.Fa s . .Fa s .
.Sh SEE ALSO .Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcpy 3 ,
.Xr strlcpy 3 , .Xr strlcpy 3 ,
.Xr strncat 3 ,
.Xr wcscat 3 , .Xr wcscat 3 ,
.Xr wcslcpy 3 .Xr wcslcpy 3
.Sh STANDARDS .Sh STANDARDS


+ 13
- 21
src/lib/libc/string/strcpy.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: strcpy.3,v 1.20 2013/12/19 20:52:37 millert Exp $
.\" $OpenBSD: strcpy.3,v 1.21 2014/04/19 11:30:40 deraadt Exp $
.\" .\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" Copyright (c) 1990, 1991 The Regents of the University of California.
.\" All rights reserved. .\" All rights reserved.
@ -31,12 +31,12 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: December 19 2013 $
.Dd $Mdocdate: April 19 2014 $
.Dt STRCPY 3 .Dt STRCPY 3
.Os .Os
.Sh NAME .Sh NAME
.Nm strcpy .Nm strcpy
.Nd copy a string
.Nd copy a string without bounds checking
.Sh SYNOPSIS .Sh SYNOPSIS
.In string.h .In string.h
.Ft char * .Ft char *
@ -46,43 +46,35 @@ The
.Fn strcpy .Fn strcpy
function copies the string function copies the string
.Fa src .Fa src
to
.Fa dst
(including the terminating (including the terminating
.Ql \e0 .Ql \e0
character).
The string
character) to the buffer
.Fa dst .
.Pp
No bounds checking is performed.
If the buffer
.Fa dst .Fa dst
must be at least as large as
.Fa src
to hold the result.
is not large enough to hold the result,
subsequent memory will be damaged.
.Pp .Pp
If the If the
.Fa src .Fa src
and
string is inside the
.Fa dst .Fa dst
strings overlap, the behavior is undefined.
buffer, the behavior is undefined.
.Sh RETURN VALUES .Sh RETURN VALUES
The The
.Fn strcpy .Fn strcpy
function returns function returns
.Fa dst . .Fa dst .
.Sh SEE ALSO .Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcat 3 ,
.Xr strlcpy 3 , .Xr strlcpy 3 ,
.Xr strncpy 3 ,
.Xr wcscpy 3 , .Xr wcscpy 3 ,
.Xr wcslcpy 3 .Xr wcslcpy 3
.Sh STANDARDS .Sh STANDARDS
The The
.Fn strcpy .Fn strcpy
and
.Fn strncpy
functions conform to
function conforms to
.St -ansiC . .St -ansiC .
.Sh HISTORY .Sh HISTORY
The The


+ 45
- 40
src/lib/libc/string/strncat.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: strncat.3,v 1.2 2013/12/19 22:00:58 jmc Exp $
.\" $OpenBSD: strncat.3,v 1.3 2014/04/19 11:30:40 deraadt Exp $
.\" .\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" Copyright (c) 1990, 1991 The Regents of the University of California.
.\" All rights reserved. .\" All rights reserved.
@ -31,7 +31,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: December 19 2013 $
.Dd $Mdocdate: April 19 2014 $
.Dt STRNCAT 3 .Dt STRNCAT 3
.Os .Os
.Sh NAME .Sh NAME
@ -40,86 +40,91 @@
.Sh SYNOPSIS .Sh SYNOPSIS
.In string.h .In string.h
.Ft char * .Ft char *
.Fn strncat "char *s" "const char *append" "size_t count"
.Fn strncat "char *dst" "const char *append" "size_t count"
.Sh DESCRIPTION .Sh DESCRIPTION
The The
.Fn strncat .Fn strncat
function appends not more than function appends not more than
.Fa count .Fa count
characters of the NUL-terminated string
characters of the string
.Fa append .Fa append
to the end of the NUL-terminated string
.Fa s .
to the end of the string found in the buffer
.Fa dst .
Space for the terminating Space for the terminating
.Ql \e0 .Ql \e0
should not be included in should not be included in
.Fa count . .Fa count .
The string
.Fa s
must have sufficient space to hold the result.
.Pp
Bounds checking must be performed manually with great care.
If the buffer
.Fa dst
is not large enough to hold the result,
subsequent memory will be damaged.
.Sh RETURN VALUES .Sh RETURN VALUES
The The
.Fn strncat .Fn strncat
function returns the pointer function returns the pointer
.Fa s .
.Fa dst .
.Sh EXAMPLES .Sh EXAMPLES
The following appends
.Dq Li abc
to
.Va chararray :
.Bd -literal -offset indent
char *letters = "abcdefghi";
(void)strncat(chararray, letters, 3);
.Ed
.Pp
The following example shows how to use The following example shows how to use
.Fn strncat .Fn strncat
safely in conjunction with
.Xr strncpy 3 .
in conjunction with
.Xr strncpy 3 :
.Bd -literal -offset indent .Bd -literal -offset indent
char buf[BUFSIZ]; char buf[BUFSIZ];
char *input, *suffix;
char *base, *suffix;
(void)strncpy(buf, input, sizeof(buf) - 1);
(void)strncpy(buf, base, sizeof(buf) - 1);
buf[sizeof(buf) - 1] = '\e0'; buf[sizeof(buf) - 1] = '\e0';
(void)strncat(buf, suffix, sizeof(buf) - 1 - strlen(buf)); (void)strncat(buf, suffix, sizeof(buf) - 1 - strlen(buf));
.Ed .Ed
.Pp .Pp
The above will copy as many characters from The above will copy as many characters from
.Va input
.Va base
to to
.Va buf .Va buf
as will fit. as will fit.
It then appends as many characters from It then appends as many characters from
.Va suffix .Va suffix
as will fit (or none
if there is no space).
For operations like this, the
as will fit.
If either
.Va base
or
.Va suffix
are too large, truncation will occur without detection.
.Pp
The above example shows dangerous coding patterns, including an
inability to detect truncation.
.Fn strncat
and
.Fn strncpy
are dangerously easy to misuse.
The
.Xr strlcpy 3 .Xr strlcpy 3
and and
.Xr strlcat 3 .Xr strlcat 3
functions are a better choice, as shown below.
functions are safer for this kind of operation:
.Bd -literal -offset indent
if (strlcpy(buf, base, sizeof(buf)) >= sizeof(buf) ||
strlcat(buf, suffix, sizeof(buf)) >= sizeof(buf))
goto toolong;
.Ed
or for greatest portability,
.Bd -literal -offset indent .Bd -literal -offset indent
(void)strlcpy(buf, input, sizeof(buf));
(void)strlcat(buf, suffix, sizeof(buf));
if (snprintf(buf, sizeof(buf), "%s%s",
base, suffix) >= sizeof(buf))
goto toolong;
.Ed .Ed
.Sh SEE ALSO .Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcat 3 ,
.Xr strcpy 3 ,
.Xr strlcpy 3 , .Xr strlcpy 3 ,
.Xr wcscat 3 , .Xr wcscat 3 ,
.Xr wcslcpy 3 .Xr wcslcpy 3
.Sh STANDARDS .Sh STANDARDS
The The
.Fn strcat
and
.Fn strncat .Fn strncat
functions conform to
function conform to
.St -ansiC . .St -ansiC .
.Sh HISTORY .Sh HISTORY
The The


+ 21
- 36
src/lib/libc/string/strncpy.3 View File

@ -1,4 +1,4 @@
.\" $OpenBSD: strncpy.3,v 1.1 2013/12/19 20:52:37 millert Exp $
.\" $OpenBSD: strncpy.3,v 1.2 2014/04/19 11:30:40 deraadt Exp $
.\" .\"
.\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" Copyright (c) 1990, 1991 The Regents of the University of California.
.\" All rights reserved. .\" All rights reserved.
@ -31,7 +31,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: December 19 2013 $
.Dd $Mdocdate: April 19 2014 $
.Dt STRNCPY 3 .Dt STRNCPY 3
.Os .Os
.Sh NAME .Sh NAME
@ -48,17 +48,16 @@ function copies not more than
.Fa len .Fa len
characters from the string characters from the string
.Fa src .Fa src
to
to the buffer
.Fa dst . .Fa dst .
If If
.Fa src .Fa src
is less than is less than
.Fa len .Fa len
characters long, characters long,
it appends
it fills the remaining buffer with
.Ql \e0 .Ql \e0
characters for the rest of
.Fa len .
characters.
If the length of If the length of
.Fa src .Fa src
is greater than or equal to is greater than or equal to
@ -68,6 +67,11 @@ will
.Em not .Em not
be NUL-terminated. be NUL-terminated.
.Pp .Pp
.Fn strncpy
.Em only
NUL terminates the destination string when the length of the source
string is less than the length parameter.
.Pp
If the If the
.Fa src .Fa src
and and
@ -90,31 +94,17 @@ to
The following sets The following sets
.Va chararray .Va chararray
to to
.Dq abcdef
and does
.Em not
NUL terminate
.Va chararray
because the length of the source string is greater than or equal to the
length parameter.
.Fn strncpy
.Em only
NUL terminates the destination string when the length of the source
string is less than the length parameter.
.Dq abcdef ,
without a NUL-terminator:
.Bd -literal -offset indent .Bd -literal -offset indent
(void)strncpy(chararray, "abcdefgh", 6); (void)strncpy(chararray, "abcdefgh", 6);
.Ed .Ed
.Pp .Pp
The following copies as many characters from
The following sequence copies as many characters from
.Va input .Va input
to to
.Va buf .Va buf
as will fit and NUL terminates the result.
Because
.Fn strncpy
does
.Em not
guarantee to NUL terminate the string itself, it must be done by hand.
as will fit, and then NUL terminates the result by hand:
.Bd -literal -offset indent .Bd -literal -offset indent
char buf[BUFSIZ]; char buf[BUFSIZ];
@ -122,23 +112,18 @@ char buf[BUFSIZ];
buf[sizeof(buf) - 1] = '\e0'; buf[sizeof(buf) - 1] = '\e0';
.Ed .Ed
.Pp .Pp
Note that
.Xr strlcpy 3
is a better choice for this kind of operation.
The equivalent using
By now it is clear that
.Nm strncpy
is dangerously easy to misuse.
The
.Xr strlcpy 3 .Xr strlcpy 3
is simply:
function is safer for this kind of operation:
.Bd -literal -offset indent .Bd -literal -offset indent
(void)strlcpy(buf, input, sizeof(buf));
if (strlcpy(buf, input, sizeof(buf)) >= sizeof(buf))
goto toolong;
.Ed .Ed
.Sh SEE ALSO .Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcat 3 ,
.Xr strlcpy 3 , .Xr strlcpy 3 ,
.Xr strncat 3 ,
.Xr wcscpy 3 , .Xr wcscpy 3 ,
.Xr wcslcpy 3 .Xr wcslcpy 3
.Sh STANDARDS .Sh STANDARDS


Write Preview
Loading…
Cancel
Save