commit dcdd2f1fb065b6e98d87ab7b367e8fb483f9b59c
parent e2cfd2879a15db00dfa9a42eeb1baaef6a930aff
Author: jvoisin <julien.voisin@dustri.org>
Date: Mon, 21 Oct 2024 15:04:50 +0200
Neuter an issue in strncat
`strlen(src)` isn't guaranteed to be valid.
Diffstat:
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/include/string.h b/include/string.h
@@ -287,6 +287,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
#if __has_builtin(__builtin___strncat_chk) && FORTIFY_USE_NATIVE_CHK
return __builtin___strncat_chk(__d, __s, __n, __fh_bos(__d, 0));
#else
+#if 0 // strlen(__s) isn't guaranteed to be valid.
__fh_size_t __b = __fh_bos(__d, 0);
if (__n > __b) {
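Review bot: The `#if 0` added here (closed by the `#endif` in the next hunk) removes the whole non-builtin bounds check, so a build without `__builtin___strncat_chk`, or with `FORTIFY_USE_NATIVE_CHK` off, reaches `__orig_strncat` with no destination-size check at all. Since strncat reads at most `__n` bytes of `__s`, the source length could presumably be taken with a bounded scan instead of dropping the check, e.g. `__sl = strnlen(__s, __n);` in place of the strlen call, assuming strnlen is usable from this header. The lines that compute `__sl` and `__dl` lie between the two hunks and are not visible here, so confirm this against the full function. If the block has to stay disabled, the comment should say that fortification is off on this path, e.g. `#if 0 // FIXME: bounds check disabled; strlen(__s) may over-read an unterminated source`.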
@@ -297,6 +298,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
if (__sl + __dl + 1 > __b)
__builtin_trap();
}
+#endif
return __orig_strncat(__d, __s, __n);
#endif
}
diff --git a/tests/test_strncat_dynamic_write.c b/tests/test_strncat_dynamic_write.c
@@ -7,9 +7,11 @@ int main(int argc, char** argv) {
strncat(buffer, "1234567", 5);
puts(buffer);
+#if 0
CHK_FAIL_START
strncat(buffer, argv[1], argc);
CHK_FAIL_END
+#endif
puts(buffer);
return ret;
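Review bot: The `#if 0` around the `CHK_FAIL_START`/`CHK_FAIL_END` block has no comment, and with it this test no longer asserts that an overflowing strncat traps; the same applies to the block disabled in tests/test_strncat_static_write.c. The native path in include/string.h still calls `__builtin___strncat_chk`, so the expectation could be kept for that configuration instead of being removed for all of them, if the test harness can see `FORTIFY_USE_NATIVE_CHK`. At minimum add a comment such as `#if 0 /* strncat check disabled in include/string.h; re-enable together with it */`. main's body starts and ends outside the hunk.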
diff --git a/tests/test_strncat_static_write.c b/tests/test_strncat_static_write.c
@@ -4,12 +4,15 @@
int main(int argc, char** argv) {
char buffer[8] = {0};
- strncat(buffer, "1234567", 5);
+ char src[] = {'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
+ strncat(buffer, src, 5);
puts(buffer);
+#if 0
CHK_FAIL_START
- strncat(buffer, "1234567890", 10);
+ strncat(buffer, src, 10);
CHK_FAIL_END
+#endif
puts(buffer);
return ret;
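Review bot: `src` on the added line is a char array with no terminating NUL, which is the case this commit is about, but nothing in the test says so. A comment above the declaration, e.g. `/* deliberately not NUL-terminated: strncat may read at most n bytes of src */`, would keep a later cleanup from turning it back into a string literal. main's closing brace is outside the hunk.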