Re: trunk r11017: Avoid a lot of buffer overruns in ext_edirectory_userip_acl

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 09 Nov 2010 18:01:14 +1300

On 09/11/10 10:44, Alex Rousskov wrote:
> On 11/05/2010 06:47 AM, Amos Jeffries wrote:
>> ------------------------------------------------------------
>> revno: 11017
>> committer: Amos Jeffries<squid3_at_treenet.co.nz>
>> branch nick: trunk
>
>> - xstrncpy(prog, EDUI_PROGRAM_NAME, sizeof(prog));
>> + xstrncpy(prog, EDUI_PROGRAM_NAME, strlen(EDUI_PROGRAM_NAME));
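
Review bot: The `+` line bounds the copy into prog by strlen(EDUI_PROGRAM_NAME), which is a property of the source and says nothing about how much room prog has. Keep sizeof(prog) as the third argument, as the removed line had it.
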
>
>
>> - xstrncpy(prog, edui_conf.program, sizeof(prog));
>> + xstrncpy(prog, edui_conf.program, strlen(edui_conf.program));
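
Review bot: On the `+` line the limit is computed from edui_conf.program itself, so a longer value there raises the limit with it and the size of prog no longer caps the copy. The bound should stay sizeof(prog); if over-long values need to be rejected, check the length explicitly before the call.
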
>
>> - xstrncpy(cbuf, prog, sizeof(cbuf));
>> + xstrncpy(cbuf, prog, strlen(prog));
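
Review bot: The destination on the `+` line is cbuf but the new limit is measured on prog, a different buffer, so nothing relates the copy to the capacity of cbuf. Restore sizeof(cbuf), and consider a short comment at these call sites saying the third argument is the destination size, since the same substitution appears in all three hunks shown.
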
>
> ...
>
> These and probably other changes in this commit look like bugs to me:
> The third argument to xstrncpy() should be the destination buffer size,
> not the source string length. The string length is usually irrelevant
> because xstrncpy() will not copy past the 0-terminator of the source
> string.

Aw hell. Thought I got rid of those all again. The patch was for
strncat() and bcmp() bugs.

Reverting.

>
> BTW, the following code (which was not changed by this commit), appears
> to be buggy or weird and should be changed to use cbuf buffer size, not
> cbuf string length:
>
>> memset(cbuf, '\0', strlen(cbuf));

Ouch. Thanks.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.2
Received on Tue Nov 09 2010 - 05:01:20 MST
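
The two points raised in the review above, as an added C example that is not code from Squid or from either poster: `bounded_copy` is a hypothetical stand-in that assumes the contract described for xstrncpy() (third argument is the destination size), and the buffer sizes and strings are constructed. It compares a source-length bound with a destination-size bound, then a strlen()-sized memset() with a sizeof()-sized one.

```c
#include <stdio.h>
#include <string.h>

#define DEST_CAP 8   /* constructed destination size */
#define ARENA    32  /* backing storage; sources must be shorter than this */

/* Hypothetical stand-in, assuming the contract described in the thread: n is
 * the destination size, at most n-1 bytes are copied, result is terminated. */
static void bounded_copy(char *dst, const char *src, size_t n)
{
    if (n == 0) return;
    while (--n != 0 && *src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* Copy src with `limit` as third argument; count bytes changed past DEST_CAP. */
static size_t bytes_past_dest(const char *src, size_t limit, char seen[ARENA])
{
    unsigned char arena[ARENA];
    size_t i, past = 0;
    memset(arena, 0xAA, sizeof(arena));             /* guard pattern */
    bounded_copy((char *)arena, src, limit);
    for (i = DEST_CAP; i < ARENA; i++)
        past += (arena[i] != 0xAA);
    bounded_copy(seen, (const char *)arena, ARENA); /* resulting string */
    return past;
}

/* Non-zero bytes left in a reused buffer after clearing it by strlen or sizeof. */
static size_t stale_after_clear(int by_strlen)
{
    char cbuf[16] = "previous-value";               /* constructed old content */
    size_t i, stale = 0;
    bounded_copy(cbuf, "new", sizeof(cbuf));
    memset(cbuf, '\0', by_strlen ? strlen(cbuf) : sizeof(cbuf));
    for (i = 0; i < sizeof(cbuf); i++)
        stale += (cbuf[i] != '\0');
    return stale;
}

int main(void)
{
    char seen[ARENA];
    const char *src = "ext_edirectory_userip_acl";  /* constructed input */
    printf("strlen bound: %zu past dest\n", bytes_past_dest(src, strlen(src), seen));
    printf("sizeof bound: %zu past dest\n", bytes_past_dest(src, DEST_CAP, seen));
    printf("stale: %zu vs %zu\n", stale_after_clear(1), stale_after_clear(0));
}
```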
