cvs commit: src Makefile.inc1 src/lib/libc/gen __xuname.c
getosreldate.c
Garance A Drosehn
gad at FreeBSD.org
Fri Dec 2 16:17:59 GMT 2005
At 6:57 AM -0800 12/2/05, Doug Ambrisko wrote:
>Pawel Jakub Dawidek writes:
>| [...]
>| +> name->sysname[sizeof(name->sysname) - 1] = '\0';
>| +> + if ((p = getenv("UNAME_s")))
>| +> + strncpy(name->sysname, p, sizeof(name->sysname));
>| [...]
>| +> name->release[sizeof(name->release) - 1] = '\0';
>| +> + if ((p = getenv("UNAME_r")))
>| +> + strncpy(name->release, p, sizeof(name->release));
>| [...]
>| +> + if ((p = getenv("UNAME_v")))
>| +> + strncpy(name->version, p, sizeof(name->version));
>| [...]
>| +> name->machine[sizeof(name->machine) - 1] = '\0';
>| +> + if ((p = getenv("UNAME_m")))
>| +> + strncpy(name->machine, p, sizeof(name->machine));
>|
>| As you can see, previous code tried to NULL-terminate buffer
>| copied using strncpy(3) properly and you inserted your changes
>| after these terminations. Please, NULL-terminate the buffers
>| after using strncpy(3).
>
>The prior code had to NULL-terminate by hand since the data could
>come from the sysctl not NULL-terminate. I thought the strncpy
>would NULL-terminate but you are correct.
strncpy is meant for strings where you don't want null-termination
(such as fixed-length fields in structs). It was not meant for
situations like this. Code like this should use strlcpy() instead.
--
Garance Alistair Drosehn = gad at gilead.netel.rpi.edu
Senior Systems Programmer or gad at FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA
More information about the cvs-src
mailing list