[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] betcha didn"t know strncpy could leave an unterminated string
- To: or-cvs@freehaven.net
- Subject: [or-cvs] betcha didn"t know strncpy could leave an unterminated string
- From: arma@seul.org (Roger Dingledine)
- Date: Wed, 17 Dec 2003 04:20:31 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 17 Dec 2003 04:20:53 -0500
- Reply-to: or-dev@freehaven.net
- Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or
Modified Files:
dirserv.c dns.c
Log Message:
betcha didn't know strncpy could leave an unterminated string
Index: dirserv.c
===================================================================
RCS file: /home/or/cvsroot/src/or/dirserv.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- dirserv.c 14 Dec 2003 06:03:46 -0000 1.22
+++ dirserv.c 17 Dec 2003 09:20:29 -0000 1.23
@@ -376,6 +376,7 @@
for (i = 0; i < n_descriptors; ++i) {
strncat(cp, descriptor_list[i]->descriptor, descriptor_list[i]->desc_len);
+ /* XXX Nick: do strncat and friends null-terminate? man page is ambiguous. */
cp += descriptor_list[i]->desc_len;
assert(!*cp);
}
@@ -400,6 +401,7 @@
((int)digest[2])&0xff,((int)digest[3])&0xff);
strncpy(cp, "-----BEGIN SIGNATURE-----\n", maxlen-i);
+ cp[maxlen-i-1] = 0;
i = strlen(s);
cp = s+i;
Index: dns.c
===================================================================
RCS file: /home/or/cvsroot/src/or/dns.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- dns.c 15 Dec 2003 21:35:52 -0000 1.45
+++ dns.c 17 Dec 2003 09:20:29 -0000 1.46
@@ -100,6 +100,7 @@
}
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(resolve) { /* it's there */
if(resolve->state == CACHE_STATE_VALID) {
@@ -118,7 +119,7 @@
}
#endif
-/* See if we have an addr for 'exitconn->address'. if so,
+/* See if we have a cache entry for 'exitconn->address'. if so,
* if resolve valid, put it into exitconn->addr and return 1.
* If resolve failed, return -1.
*
@@ -140,6 +141,7 @@
/* now check the tree to see if 'address' is already there. */
strncpy(search.address, exitconn->address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(resolve) { /* already there */
switch(resolve->state) {
@@ -167,6 +169,7 @@
resolve->state = CACHE_STATE_PENDING;
resolve->expire = now + MAX_DNS_ENTRY_AGE;
strncpy(resolve->address, exitconn->address, MAX_ADDRESSLEN);
+ resolve->address[MAX_ADDRESSLEN-1] = 0;
/* add us to the pending list */
pending_connection = tor_malloc(sizeof(struct pending_connection_t));
@@ -226,6 +229,7 @@
struct cached_resolve *resolve, *tmp;
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(!resolve) {
@@ -299,6 +303,7 @@
struct cached_resolve *resolve;
strncpy(search.address, address, MAX_ADDRESSLEN);
+ search.address[MAX_ADDRESSLEN-1] = 0;
resolve = SPLAY_FIND(cache_tree, &cache_root, &search);
if(!resolve) {