Since we use strlen() to determine the length
and then check it ourselves, there is really
no point in using strncpy.
But the compiler might complain that we use
the output of strlen() for the length of
strncpy which is usually a sign for bugs:
error: ‘strncpy’ specified bound depends
on the length of the source argument
[-Werror=stringop-overflow=]
Warning was at least triggered for
mingw-gcc version 10-win32 20220113.
v2:
- make len size_t and change code to avoid any theoretical overflows
- remove useless casts
v3:
- fix off-by-one introduced by v2 %)
Change-Id: If4a67adac4d2e870fd719b58075d39efcd67c671
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
src/openvpn/buffer.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index d099795b..36b28afb 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -316,10 +316,10 @@ buf_catrunc(struct buffer *buf, const char *str)
{
if (buf_forward_capacity(buf) <= 1)
{
- int len = (int) strlen(str) + 1;
- if (len < buf_forward_capacity_total(buf))
+ size_t len = strlen(str);
+ if (buf_size_valid(len) && (len + 1 < buf_forward_capacity_total(buf)))
{
- strncpynt((char *)(buf->data + buf->capacity - len), str, len);
+ memcpy(buf->data + buf->capacity - len - 1, str, len + 1);
}
}
}
--
2.34.1
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
