Browse Source

Cast pointers to uintptr_t to avoid potential signedness errors.

Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608,
with & ok millert, ok deraadt.
OPENBSD_6_1
dtucker 8 years ago
parent
commit
db6e1f035d
3 changed files with 24 additions and 7 deletions
  1. +9
    -3
      src/lib/libc/string/strlcat.c
  2. +8
    -2
      src/lib/libc/string/strlcpy.c
  3. +7
    -2
      src/lib/libc/string/strnlen.c

+ 9
- 3
src/lib/libc/string/strlcat.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: strlcat.c,v 1.16 2015/08/31 02:53:57 guenther Exp $ */
/* $OpenBSD: strlcat.c,v 1.17 2016/10/14 18:19:04 dtucker Exp $ */
/*
* Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
@ -18,6 +18,7 @@
#include <sys/types.h>
#include <string.h>
#include <stdint.h>
/*
* Appends src to string dst of size dsize (unlike strncat, dsize is the
@ -37,7 +38,7 @@ strlcat(char *dst, const char *src, size_t dsize)
/* Find the end of dst and adjust bytes left but don't go past end. */
while (n-- != 0 && *dst != '\0')
dst++;
dlen = dst - odst;
dlen = (uintptr_t)dst - (uintptr_t)odst;
n = dsize - dlen;
if (n-- == 0)
@ -51,6 +52,11 @@ strlcat(char *dst, const char *src, size_t dsize)
}
*dst = '\0';
return(dlen + (src - osrc)); /* count does not include NUL */
/*
* Cast pointers to unsigned type before calculation, to avoid signed
* overflow when the string ends where the MSB has changed.
* Return value does not include NUL.
*/
return (dlen + ((uintptr_t)src - (uintptr_t)osrc));
}
DEF_WEAK(strlcat);

+ 8
- 2
src/lib/libc/string/strlcpy.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: strlcpy.c,v 1.13 2015/08/31 02:53:57 guenther Exp $ */
/* $OpenBSD: strlcpy.c,v 1.14 2016/10/14 18:19:04 dtucker Exp $ */
/*
* Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
@ -18,6 +18,7 @@
#include <sys/types.h>
#include <string.h>
#include <stdint.h>
/*
* Copy string src to buffer dst of size dsize. At most dsize-1
@ -46,6 +47,11 @@ strlcpy(char *dst, const char *src, size_t dsize)
;
}
return(src - osrc - 1); /* count does not include NUL */
/*
* Cast pointers to unsigned type before calculation, to avoid signed
* overflow when the string ends where the MSB has changed.
* Return value does not include NUL.
*/
return((uintptr_t)src - (uintptr_t)osrc - 1);
}
DEF_WEAK(strlcpy);

+ 7
- 2
src/lib/libc/string/strnlen.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: strnlen.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */
/* $OpenBSD: strnlen.c,v 1.7 2016/10/14 18:19:04 dtucker Exp $ */
/*
* Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
@ -19,6 +19,7 @@
#include <sys/types.h>
#include <string.h>
#include <stdint.h>
size_t
strnlen(const char *str, size_t maxlen)
@ -28,6 +29,10 @@ strnlen(const char *str, size_t maxlen)
for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
;
return (size_t)(cp - str);
/*
* Cast pointers to unsigned type before calculation, to avoid signed
* overflow when the string ends where the MSB has changed.
*/
return (size_t)((uintptr_t)cp - (uintptr_t)str);
}
DEF_WEAK(strnlen);

Loading…
Cancel
Save