Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2000:
[Freeciv-Dev] patch: safer string handling: common (PR#219)



To: freeciv-dev@xxxxxxxxxxx
Cc: bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] patch: safer string handling: common (PR#219)
From: David Pfitzner <dwp@xxxxxxxxxxxxxx>
Date: Sat, 1 Jan 2000 00:58:20 -0800 (PST)

The first attached patch adds convenience macros sz_strlcpy() and 
sz_strlcat(), to avoid having to type sizeof(dest) when destination 
is a char array. (Unfortunately can't do this for snprintf since 
varargs macros are not portable.)

The second patch is a tedious but mostly straightforward use of
recent additions *snprintf(), *strlcpy(), *strlcat(), (including
above macros) to do string operations more safely wrt buffer 
overruns. 

This patch just does common/*.c; server/ and client/ to follow.

Basically I decided I might as well use these "safe" versions
almost everywhere, even when buffer overflow "shouldn't" happen,
since it's easy enough and doesn't cost much.  So most cases of 
sprintf/strcpy/strcat should be replaced.  I also changed some 
previous safe usage of strncpy, just because using *strlcpy is 
generally simpler.  Also made a change to use an astring instead 
of equivalent code, in datafilename().

These changes will generally avoid buffer overruns by silently 
truncating.  Possibly it would be better to instead print a 
log message when truncation occurs (or even abort?), since
generally this will indicate a bug or other problem.
(A complication with printing a log message is that freelog() 
uses sprintf and strcpy etc, so would need to worry about 
recursion/re-entrancy etc.)  (Lower-level non-printing/aborting
versions would also be necessary for those fewer cases where 
truncation is normal.)

-- David

diff -u -r --exclude-from exclude freeciv-mod/common/support.h 
fc-adv/common/support.h
--- freeciv-mod/common/support.h        Thu Dec 30 15:50:47 1999
+++ fc-adv/common/support.h     Thu Dec 30 16:53:51 1999
@@ -34,6 +34,10 @@
 size_t mystrlcpy(char *dest, const char *src, size_t n);
 size_t mystrlcat(char *dest, const char *src, size_t n);
 
+/* convenience macros for use when dest is a char ARRAY: */
+#define sz_strlcpy(dest,src) mystrlcpy((dest),(src),sizeof(dest))
+#define sz_strlcat(dest,src) mystrlcat((dest),(src),sizeof(dest))
+
 int my_snprintf(char *str, size_t n, const char *format, ...)
      fc__attribute((format (printf, 3, 4)));
 
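Review bot: the comment on the new `sz_strlcpy`/`sz_strlcat` lines warns that `dest` must be a char ARRAY, but nothing enforces it: if a caller passes a `char *`, `sizeof(dest)` silently becomes the size of the pointer and the copy is limited to a few bytes, with no compiler diagnostic in C89. Since the same message says these macros will be used "almost everywhere" across common/, server/ and client/, it would be worth making the comment more explicit about that failure mode (e.g. "passing a pointer compiles but truncates to sizeof(char *)") and keeping pointer-destination call sites on the explicit-size `mystrlcpy((dest), (src), n)` form. Note that `sizeof(dest)` does not evaluate its operand, so the double appearance of `dest` in the expansion is not a double-evaluation hazard.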

Attachment: safe_str_common.diff.gz
Description: GNU Zip compressed data
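As an added illustration, not code from the patch or from the Freeciv code base: a BSD-style implementation of the mystrlcpy()/mystrlcat() interface shown in the hunk, the sz_ macros from the patch, and a hypothetical checked wrapper (checked_strlcpy, assumed name) that reports truncation through the return value and writes its message with fputs() rather than a printf-family call, so it does not recurse into a printf-based logger as the post worries freelog() would. The BSD return-value semantics (return strlen(src), truncation iff return >= n) are an assumption about what mystrlcpy() does.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed BSD strlcpy semantics: copy at most n-1 bytes, always NUL-terminate
 * when n > 0, and return strlen(src) so callers detect truncation via (ret >= n). */
size_t mystrlcpy(char *dest, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (n > 0) {
        size_t copy = (len >= n) ? n - 1 : len;
        memcpy(dest, src, copy);
        dest[copy] = '\0';
    }
    return len;
}

/* Append src to dest within n bytes; returns the length it tried to create. */
size_t mystrlcat(char *dest, const char *src, size_t n)
{
    size_t dlen = 0;
    while (dlen < n && dest[dlen] != '\0') dlen++;
    if (dlen == n) return n + strlen(src);   /* dest not terminated within n */
    return dlen + mystrlcpy(dest + dlen, src, n - dlen);
}

/* The patch's convenience macros: dest must be a char array, not a pointer. */
#define sz_strlcpy(dest,src) mystrlcpy((dest),(src),sizeof(dest))
#define sz_strlcat(dest,src) mystrlcat((dest),(src),sizeof(dest))

/* Hypothetical checked variant: logs with fputs() only (no printf family),
 * returns 1 if the copy was truncated, 0 otherwise. */
int checked_strlcpy(char *dest, const char *src, size_t n, const char *where)
{
    if (mystrlcpy(dest, src, n) < n) return 0;
    fputs("string truncated at ", stderr); fputs(where, stderr); fputc('\n', stderr);
    return 1;
}
#define sz_checked_strlcpy(dest,src) checked_strlcpy((dest),(src),sizeof(dest),__FILE__)

/* Constructed check: length stored after copying src into a 4-byte array. */
size_t copy_into_four(const char *src)
{
    char buf[4];
    sz_strlcpy(buf, src);
    return strlen(buf);
}

/* Constructed scenario on a 16-byte name buffer; returns truncations seen (1). */
int demo_truncation_count(void)
{
    char name[16];
    int truncated = sz_checked_strlcpy(name, "Freeciv");                  /* fits   */
    truncated += (sz_strlcat(name, " ruleset") >= sizeof(name));          /* 15: ok */
    truncated += sz_checked_strlcpy(name, "a deliberately long name");    /* cut    */
    return truncated;
}
```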

