From: Andrii Makukha <andriy.makukha@xxxxxxxxx>
Original strlcpy() has a significant disadvantage of being both unsafe
and inefficient. It unnecessarily calculates length of `src` which may
result in a segmentation fault if `src` is not terminated with a
NUL-character.
In this fix, if `src` is too long, strlcpy() returns `size`. This
allows to still detect an error while fixing the mentioned
vulnerabilities. It deviates from original strlcpy(), but for a good
reason.
Signed-off-by: Andrii Makukha <andriy.makukha@xxxxxxxxx>
---
strlcpy(): safer and faster version
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1097%2Famakukha%2Fmaint-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1097/amakukha/maint-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1097
compat/strlcpy.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/compat/strlcpy.c b/compat/strlcpy.c
index 4024c360301..e7fd11015c7 100644
--- a/compat/strlcpy.c
+++ b/compat/strlcpy.c
@@ -2,7 +2,12 @@
size_t gitstrlcpy(char *dest, const char *src, size_t size)
{
- size_t ret = strlen(src);
+ /*
+ * NOTE: original strlcpy returns full length of src, but this is
+ * unsafe. This implementation returns `size` if src is too long.
+ * This behaviour is faster and still allows to detect an issue.
+ */
+ size_t ret = strnlen(src, size);
if (size) {
size_t len = (ret >= size) ? size - 1 : ret;
base-commit: e9d7761bb94f20acc98824275e317fa82436c25d
--
gitgitgadget
