This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

bug in confstr

To: libc-alpha at sources dot redhat dot com
Subject: bug in confstr
From: Bruno Haible <haible at ilog dot fr>
Date: Mon, 28 Aug 2000 11:53:01 +0200 (CEST)


When the buffer passed to confstr is smaller than the result string with its
terminating NUL byte, it will entirely fill the buffer but not NUL terminate
it (because that's what strncpy does). But SUSV2 specifies it differently:

   "If the string to be returned is longer than len bytes, including the
    terminating null, then confstr() truncates the string to len-1 bytes
    and null-terminates the result."

Also, there is no requirement that all bytes in the buffer past the NUL be
zeroed out.

Here is a fix.


2000-08-27  Bruno Haible  <haible@clisp.cons.org>

	* posix/confstr.c (confstr): When string_len > len, NUL-terminate
	the result. When string_len < len, don't clear the rest of the buffer.

*** glibc-20000826/posix/confstr.c.bak	Tue Sep  7 17:04:50 1999
--- glibc-20000826/posix/confstr.c	Sat Aug 26 18:46:44 2000
***************
*** 1,4 ****
! /* Copyright (C) 1991, 1996, 1997 Free Software Foundation, Inc.
     This file is part of the GNU C Library.
  
     The GNU C Library is free software; you can redistribute it and/or
--- 1,4 ----
! /* Copyright (C) 1991, 1996, 1997, 2000 Free Software Foundation, Inc.
     This file is part of the GNU C Library.
  
     The GNU C Library is free software; you can redistribute it and/or
***************
*** 22,30 ****
  #include <string.h>
  #include <confstr.h>
  
! /* If BUF is not NULL, fill in at most LEN characters of BUF
!    with the value corresponding to NAME.  Return the number
!    of characters required to hold NAME's entire value.  */
  size_t
  confstr (name, buf, len)
       int name;
--- 22,30 ----
  #include <string.h>
  #include <confstr.h>
  
! /* If BUF is not NULL and LEN > 0, fill in at most LEN - 1 bytes
!    of BUF with the value corresponding to NAME and zero-terminate BUF.
!    Return the number of bytes required to hold NAME's entire value.  */
  size_t
  confstr (name, buf, len)
       int name;
***************
*** 89,95 ****
        return 0;
      }
  
!   if (buf != NULL)
!     (void) strncpy (buf, string, len);
    return string_len;
  }
--- 89,103 ----
        return 0;
      }
  
!   if (len > 0 && buf != NULL)
!     {
!       if (string_len <= len)
! 	memcpy (buf, string, string_len);
!       else
! 	{
! 	  memcpy (buf, string, len - 1);
! 	  buf[len - 1] = '\0';
! 	}
!     }
    return string_len;
  }

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]