This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



PATCH: safe string copy and concetation


Hi,
this patch implements the string functions strlcat and
strlcpy for GNU libc. They are a secure replacement for
strncat and strncpy that avoid their problems with
NUL-termination and give reasonable return values.


size_t
strlcpy(char *dst, const char *src, size_t size)

	Copies up to size - 1 characters from src to dst,
	NUL-terminating the result. Return number of copied characters.

size_t
strlcat(char *dst, const char *src, size_t size)

	Appends src to the end of dst. It will append at most
	size - strlen(dst) - 1 bytes, NUL-terminating the result.
	Returns the initial length of dst plus the length of src.


This functions are taken from OpenBSD and thus under
BSD style copyright.

Details to strlcat and strlcpy at
http://www.usenix.org/publications/library/proceedings/
usenix99/full_papers/millert/millert_html/index.html

Changelog:

2000-08-08  Christoph Hellwig  <hch@caldera.de>

	* include/string.h: Declare strlcat and strlcpy for internal use.
	* string/Makefile (routines): Add strlcat and strlcpy.
        * string/Versions: Export strlcat and strlcpy for glibc 2.2.
	* string/string.h: Declare strlcat and strlcpy.
	* string/strlcat.c: New file.
	* string/strlcpy.c: Likewise.

-- 
Always remember that you are unique.  Just like everyone else.

diff -uNr glibc-2.1.92/include/string.h glibc-2.1.92-hch/include/string.h
--- glibc-2.1.92/include/string.h	Wed Aug  2 15:58:23 2000
+++ glibc-2.1.92-hch/include/string.h	Tue Aug  8 17:47:34 2000
@@ -33,7 +33,13 @@
 
 extern void *__memchr (__const void *__s, int __c, size_t __n)
      __attribute_pure__;
-     
+
+extern size_t __strlcpy (char *__restrict __dest,
+     __const char *__restrict __src, size_t __n) __attribute_pure__; 
+
+extern size_t __strlcat (char *__restrict __dest,
+     __const char *__restrict __src, size_t __n) __attribute_pure__;
+
 /* Now the real definitions.  We do this here since some of the functions
    above are defined as macros in the headers.  */
 #include <string/string.h>
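Review bot: `__attribute_pure__` on the new `__strlcpy` and `__strlcat` declarations is wrong, because both functions write through `__dest`. A pure function has no effect other than its return value, so the compiler may drop a call whose result is unused or merge repeated calls, which would skip the copy. Declare both without the attribute, ending the declaration at `size_t __n);`. The `__strlcpy` declaration also carries a trailing space after the semicolon.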
diff -uNr glibc-2.1.92/string/Makefile glibc-2.1.92-hch/string/Makefile
--- glibc-2.1.92/string/Makefile	Wed Aug  2 16:04:16 2000
+++ glibc-2.1.92-hch/string/Makefile	Tue Aug  8 17:47:34 2000
@@ -29,6 +29,7 @@
 		   strverscmp strdup strndup				\
 		   strerror _strerror strlen strnlen			\
 		   strncat strncmp strncpy				\
+		   strlcat strlcpy					\
 		   strrchr strpbrk strsignal strspn strstr strtok	\
 		   strtok_r strxfrm memchr memcmp memmove memset	\
 		   mempcpy bcopy bzero ffs ffsll stpcpy stpncpy		\
diff -uNr glibc-2.1.92/string/Versions glibc-2.1.92-hch/string/Versions
--- glibc-2.1.92/string/Versions	Mon Jan 24 03:54:13 2000
+++ glibc-2.1.92-hch/string/Versions	Tue Aug  8 17:47:34 2000
@@ -72,5 +72,9 @@
 
     # m*
     memrchr;
+
+    # secure string functions
+    strlcpy;
+    strlcat;
   }
 }
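Review bot: The free-form `# secure string functions` heading departs from the grouping visible in the context, where symbols sit under initial-letter headings such as `# m*`. If this version node already has an `# s*` group (not visible in the hunk), `strlcat;` and `strlcpy;` would belong there in alphabetical order. The ChangeLog says the export is for glibc 2.2, but the name of the enclosing version node is outside the hunk, so it is worth confirming the symbols land in that node.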
diff -uNr glibc-2.1.92/string/string.h glibc-2.1.92-hch/string/string.h
--- glibc-2.1.92/string/string.h	Mon May 29 12:43:03 2000
+++ glibc-2.1.92-hch/string/string.h	Tue Aug  8 17:47:34 2000
@@ -78,6 +78,12 @@
 /* Copy no more than N characters of SRC to DEST.  */
 extern char *strncpy (char *__restrict __dest,
 		      __const char *__restrict __src, size_t __n) __THROW;
+/*  Copy up to N - 1 characters of SRC (NUL-terminated string) to DEST,
+    NUL-terminating the result.  */
+#ifdef __USE_BSD
+extern size_t strlcpy (char *__restrict __dest,
+		      __const char *__restrict __src, size_t __n) __THROW;
+#endif
 
 /* Append SRC onto DEST.  */
 extern char *strcat (char *__restrict __dest, __const char *__restrict __src)
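Review bot: The comment added for `strlcpy` does not say what the function returns, although the return value is the only way a caller can detect truncation; the `strlcat` comment in the next hunk has the same gap. Going by the definitions in string/strlcpy.c and string/strlcat.c, the result is the length of the string the call tried to build. I would add `Returns strlen (SRC); a result >= N means the copy was truncated.` here, and a matching sentence for `strlcat` giving the initial length of DEST plus strlen (SRC). Both comments also sit outside the `#ifdef __USE_BSD` guard they describe; moving them inside keeps comment and declaration together.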
@@ -85,6 +91,12 @@
 /* Append no more than N characters from SRC onto DEST.  */
 extern char *strncat (char *__restrict __dest, __const char *__restrict __src,
 		      size_t __n) __THROW;
+/* Append no more than N - strlen(dst) - 1 characters from SRC
+   (NUL-terminated string) onto DEST, NUL-terminating the result  */
+#ifdef __USE_BSD
+extern size_t strlcat (char *__restrict __dest, __const char *__restrict __src,
+		      size_t __n) __THROW;
+#endif
 
 /* Compare S1 and S2.  */
 extern int strcmp (__const char *__s1, __const char *__s2)
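Review bot: The `strlcat` comment never states that N is the full size of the DEST buffer, which is easy to miss directly below `strncat`, where N counts characters taken from SRC. A caller who carries over the `strncat` convention and passes the remaining space gets a shorter append than expected, or no append at all. Suggested addition: `N is the total size of DEST, not the space left in it.` The existing sentence is also missing its final period.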
diff -uNr glibc-2.1.92/string/strlcat.c glibc-2.1.92-hch/string/strlcat.c
--- glibc-2.1.92/string/strlcat.c	Thu Jan  1 01:00:00 1970
+++ glibc-2.1.92-hch/string/strlcat.c	Tue Aug  8 17:47:49 2000
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+#undef __strlcat
+#undef strlcat
+ 
+#ifndef weak_alias
+# define __strlcat strlcat
+#endif
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t __strlcat(dst, src, siz)
+	char *dst;
+	const char *src;
+	size_t siz;
+{
+	register char *d = dst;
+	register const char *s = src;
+	register size_t n = siz;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end */
+	while (*d != '\0' && n-- != 0)
+		d++;
+	dlen = d - dst;
+	n = siz - dlen;
+
+	if (n == 0)
+		return(dlen + strlen(s));
+	while (*s != '\0') {
+		if (n != 1) {
+			*d++ = *s;
+			n--;
+		}
+		s++;
+	}
+	*d = '\0';
+
+	return(dlen + (s - src));	/* count does not include NUL */
+}
+
+#ifdef weak_alias
+weak_alias (__strlcat, strlcat)
+#endif
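Review bot: The scan loop `while (*d != '\0' && n-- != 0)` dereferences `d` before testing the remaining count, so when `dst` holds no NUL within its first `siz` bytes (including `siz == 0`) it reads `dst[siz]`, one byte past the buffer. Testing the count first keeps the read in bounds and leaves `dlen` unchanged, because `n` is recomputed from `siz - dlen` right after the loop: `while (n-- != 0 && *d != '\0')`. The header comment is also inaccurate for this function. The code returns `dlen + strlen(s)`, the initial length of `dst` (capped at `siz`) plus the length of `src`, not `strlen(src)`.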
diff -uNr glibc-2.1.92/string/strlcpy.c glibc-2.1.92-hch/string/strlcpy.c
--- glibc-2.1.92/string/strlcpy.c	Thu Jan  1 01:00:00 1970
+++ glibc-2.1.92-hch/string/strlcpy.c	Tue Aug  8 17:48:03 2000
@@ -0,0 +1,75 @@
+/*	$OpenBSD: strlcpy.c,v 1.4 1999/05/01 18:56:41 millert Exp $	*/
+
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+#undef __strlcpy
+#undef strclpy
+ 
+#ifndef weak_alias
+# define __strlcpy strlcpy
+#endif
+
+/*
+ * Copy src to string dst of size siz.  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t __strlcpy(dst, src, siz)
+	char *dst;
+	const char *src;
+	size_t siz;
+{
+	register char *d = dst;
+	register const char *s = src;
+	register size_t n = siz;
+
+	/* Copy as many bytes as will fit */
+	if (n != 0 && --n != 0) {
+		do {
+			if ((*d++ = *s++) == 0)
+				break;
+		} while (--n != 0);
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src */
+	if (n == 0) {
+		if (siz != 0)
+			*d = '\0';		/* NUL-terminate dst */
+		while (*s++)
+			;
+	}
+
+	return(s - src - 1);	/* count does not include NUL */
+}
+
+#ifdef weak_alias
+weak_alias (__strlcpy, strlcpy)
+#endif
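Review bot: `#undef strclpy` near the top of the file is a typo for `strlcpy`, so a macro definition of `strlcpy` picked up from an included header would stay in effect. The `# define __strlcpy strlcpy` fallback and the `weak_alias (__strlcpy, strlcpy)` line would then be expanded through that macro. The line should read `#undef strlcpy`, matching the `#undef strlcat` in string/strlcat.c. Separately, the mail's summary says the function returns the number of copied characters, while the code returns `s - src - 1`, the length of `src`, as the header comment states.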
