Copy one byte less in strncpynt()
While the existing code is not wrong and will never cause an overflow,
it will copy (on a too-long source string) "maxlen" bytes to dest, and
then overwrite the last byte just copied with "0" - which causes a
warning in gcc 9 about filling the target buffer "up to the end,
with no room for a trailing 0 anymore".
Reducing the maximum bytes-to-be-copied to "maxlen -1", because the
last byte will be stamped with 0 anyway.
v2: do not ASSERT() on "maxlen == 0", but move the strncpy() call inside
the if() clause - so "just do nothing" on maxlen == 0, as before.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20190608075622.11589-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18502.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering authored on 2019/06/08 16:56:22Showing 1 changed files
| ... | ... |
@@ -347,9 +347,9 @@ buf_set_read(struct buffer *buf, const uint8_t *data, int size) |
| 347 | 347 |
static inline void |
| 348 | 348 |
strncpynt(char *dest, const char *src, size_t maxlen) |
| 349 | 349 |
{
|
| 350 |
- strncpy(dest, src, maxlen); |
|
| 351 | 350 |
if (maxlen > 0) |
| 352 | 351 |
{
|
| 352 |
+ strncpy(dest, src, maxlen-1); |
|
| 353 | 353 |
dest[maxlen - 1] = 0; |
| 354 | 354 |
} |
| 355 | 355 |
} |