Hello Matthew,
On 06/07/2018 06:10 AM, Matthew Kilgore wrote:
> The example code currently passes `buflen - 1` to `strncpy`, however
> the length parameter to `strncpy` is `size_t`, which is unsigned.
> This means that when `buflen` is zero, the cast of `-1` to unsigned will
> result in passing `UINT_MAX` as the length. Obviously, that would be
> incorrect and could cause `strncpy` to write well beyond the buffer
> passed.
>
> The easy solution is to wrap the whole code in the `buflen > 0`
> check, rather then just the part of the code that applies the null
> terminator.
Thanks. Patch applied.
Cheers,
Michael
> Signed-off-by: Matthew Kilgore <mattkilgore12@xxxxxxxxx>
> ---
> man3/strcpy.3 | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/man3/strcpy.3 b/man3/strcpy.3
> index 1596a95f59b9..02f7bfaa1416 100644
> --- a/man3/strcpy.3
> +++ b/man3/strcpy.3
> @@ -166,9 +166,10 @@ you can force termination using something like the following:
> .PP
> .in +4n
> .EX
> -strncpy(buf, str, buflen \- 1);
> -if (buflen > 0)
> +if (buflen > 0) {
> + strncpy(buf, str, buflen \- 1);
> buf[buflen \- 1]= \(aq\\0\(aq;
> +}
> .EE
> .in
> .PP
>
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
