> Module Name: src
> Committed By: christos
> Date: Sat Mar 29 23:25:57 UTC 2025
>
> Modified Files:
> src/external/bsd/blocklist/lib: bl.c
>
> Log Message:
> Don't use strlcpy() because it will keep going trying to find the end of the
> input string (thanks riastradh)
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blocklist/lib/bl.c
>
> - rem = MIN(sizeof(bi->bi_msg), rem + 1);
> - strlcpy(bi->bi_msg, ub.bl.bl_data, rem);
> + rem = MIN(sizeof(bi->bi_msg) - 1, rem);
> + memcpy(bi->bi_msg, ub.bl.bl_data, rem);
> bi->bi_msg[sizeof(bi->bi_msg) - 1] = '\0';
This is still broken: now it doesn't read past the end the input
buffer, but it leaves the bytes bi->bi_msg[rem], bi->bi_msg[rem + 1],
bi->bi_msg[rem + 2] ..., bi->bi_msg[sizeof(bi->bi_msg) - 2]
uninitialized, and will later dump this uninitialized heap data into
syslog.
I suggest you try the code I already suggested in my previous message:
rem = MIN(sizeof(bi->bi_msg) - 1, rem);
memcpy(bi->bi_msg, ub.bl.bl_data, rem);
bi->bi_msg[rem] = '\0';
This will initialize bi->bi_msg[0], bi->bi_msg[1], bi->bi_msg[2], ...,
bi->bi_msg[rem - 2], bi->bi_msg[rem - 1], and bi->bi_msg[rem], with
the last one being the NUL terminator. So nothing that goes out on
syslog will be uninitialized heap data.
And, please, cite the PR in the commit message like I _just asked_ in
my previous message, so we can track these changes for pullup to 9 and
10.
