Xen project Mailing List

[Xen-changelog] [xen-unstable] Remove strcat/strncat/strcmp/strncmp. Replaced with safer

From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Tue, 30 Jan 2007 06:00:14 -0800

Delivery-date: Tue, 30 Jan 2007 06:00:19 -0800

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User kfraser@xxxxxxxxxxxxxxxxxxxxx # Date 1170086683 0 # Node ID 647c06ba0b49ea05672ec8a4baa152445050d316 # Parent d2784d93e760ad96ab25cb7cacee491177708ce0 Remove strcat/strncat/strcmp/strncmp. Replaced with safer alternatives (including a new implementation of strlcat). Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx> --- xen/arch/x86/cpu/cyrix.c | 2 xen/arch/x86/setup.c | 24 +++++----- xen/common/string.c | 111 +++++++++++------------------------------------ xen/include/xen/string.h | 26 +++++------ 4 files changed, 54 insertions(+), 109 deletions(-) diff -r d2784d93e760 -r 647c06ba0b49 xen/arch/x86/cpu/cyrix.c --- a/xen/arch/x86/cpu/cyrix.c Mon Jan 29 15:01:33 2007 +0000 +++ b/xen/arch/x86/cpu/cyrix.c Mon Jan 29 16:04:43 2007 +0000 @@ -302,7 +302,7 @@ static void __init init_cyrix(struct cpu break; } safe_strcpy(c->x86_model_id, Cx86_model[dir0_msn & 7]); - if (p) strcat(c->x86_model_id, p); + if (p) safe_strcat(c->x86_model_id, p); return; } diff -r d2784d93e760 -r 647c06ba0b49 xen/arch/x86/setup.c --- a/xen/arch/x86/setup.c Mon Jan 29 15:01:33 2007 +0000 +++ b/xen/arch/x86/setup.c Mon Jan 29 16:04:43 2007 +0000 @@ -751,19 +751,19 @@ void __init __start_xen(multiboot_info_t safe_strcpy(dom0_cmdline, cmdline); } + /* Append any extra parameters. */ + if ( skip_ioapic_setup && !strstr(dom0_cmdline, "noapic") ) + safe_strcat(dom0_cmdline, " noapic"); + if ( acpi_skip_timer_override && + !strstr(dom0_cmdline, "acpi_skip_timer_override") ) + safe_strcat(dom0_cmdline, " acpi_skip_timer_override"); + if ( (strlen(acpi_param) != 0) && !strstr(dom0_cmdline, "acpi=") ) + { + safe_strcat(dom0_cmdline, " acpi="); + safe_strcat(dom0_cmdline, acpi_param); + } + cmdline = dom0_cmdline; - - /* Append any extra parameters. */ - if ( skip_ioapic_setup && !strstr(cmdline, "noapic") ) - strcat(cmdline, " noapic"); - if ( acpi_skip_timer_override && - !strstr(cmdline, "acpi_skip_timer_override") ) - strcat(cmdline, " acpi_skip_timer_override"); - if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") ) - { - strcat(cmdline, " acpi="); - strcat(cmdline, acpi_param); - } } if ( (initrdidx > 0) && (initrdidx < mbi->mods_count) ) diff -r d2784d93e760 -r 647c06ba0b49 xen/common/string.c --- a/xen/common/string.c Mon Jan 29 15:01:33 2007 +0000 +++ b/xen/common/string.c Mon Jan 29 16:04:43 2007 +0000 @@ -41,44 +41,6 @@ int strnicmp(const char *s1, const char } #endif -#ifndef __HAVE_ARCH_STRCPY -/** - * strcpy - Copy a %NUL terminated string - * @dest: Where to copy the string to - * @src: Where to copy the string from - */ -char * strcpy(char * dest,const char *src) -{ - char *tmp = dest; - - while ((*dest++ = *src++) != '\0') - /* nothing */; - return tmp; -} -#endif - -#ifndef __HAVE_ARCH_STRNCPY -/** - * strncpy - Copy a length-limited, %NUL-terminated string - * @dest: Where to copy the string to - * @src: Where to copy the string from - * @count: The maximum number of bytes to copy - * - * Note that unlike userspace strncpy, this does not %NUL-pad the buffer. - * However, the result is not %NUL-terminated if the source exceeds - * @count bytes. - */ -char * strncpy(char * dest,const char *src,size_t count) -{ - char *tmp = dest; - - while (count-- && (*dest++ = *src++) != '\0') - /* nothing */; - - return tmp; -} -#endif - #ifndef __HAVE_ARCH_STRLCPY /** * strlcpy - Copy a %NUL terminated string into a sized buffer @@ -105,52 +67,33 @@ EXPORT_SYMBOL(strlcpy); EXPORT_SYMBOL(strlcpy); #endif -#ifndef __HAVE_ARCH_STRCAT -/** - * strcat - Append one %NUL-terminated string to another - * @dest: The string to be appended to - * @src: The string to append to it - */ -char * strcat(char * dest, const char * src) -{ - char *tmp = dest; - - while (*dest) - dest++; - while ((*dest++ = *src++) != '\0') - ; - - return tmp; -} -#endif - -#ifndef __HAVE_ARCH_STRNCAT -/** - * strncat - Append a length-limited, %NUL-terminated string to another - * @dest: The string to be appended to - * @src: The string to append to it - * @count: The maximum numbers of bytes to copy - * - * Note that in contrast to strncpy, strncat ensures the result is - * terminated. - */ -char * strncat(char *dest, const char *src, size_t count) -{ - char *tmp = dest; - - if (count) { - while (*dest) - dest++; - while ((*dest++ = *src++)) { - if (--count == 0) { - *dest = '\0'; - break; - } - } - } - - return tmp; -} +#ifndef __HAVE_ARCH_STRLCAT +/** + * strlcat - Append a %NUL terminated string into a sized buffer + * @dest: Where to copy the string to + * @src: Where to copy the string from + * @size: size of destination buffer + * + * Compatible with *BSD: the result is always a valid + * NUL-terminated string that fits in the buffer (unless, + * of course, the buffer size is zero). + */ +size_t strlcat(char *dest, const char *src, size_t size) +{ + size_t slen = strlen(src); + size_t dlen = strnlen(dest, size); + char *p = dest + dlen; + + while ((p - dest) < size) + if ((*p++ = *src++) == '\0') + break; + + if (dlen < size) + *(p-1) = '\0'; + + return slen + dlen; +} +EXPORT_SYMBOL(strlcat); #endif #ifndef __HAVE_ARCH_STRCMP diff -r d2784d93e760 -r 647c06ba0b49 xen/include/xen/string.h --- a/xen/include/xen/string.h Mon Jan 29 15:01:33 2007 +0000 +++ b/xen/include/xen/string.h Mon Jan 29 16:04:43 2007 +0000 @@ -19,20 +19,20 @@ extern __kernel_size_t strspn(const char */ #include <asm/string.h> -#ifndef __HAVE_ARCH_STRCPY -extern char * strcpy(char *,const char *); -#endif -#ifndef __HAVE_ARCH_STRNCPY -extern char * strncpy(char *,const char *, __kernel_size_t); -#endif +/* + * These string functions are considered too dangerous for normal use. + * Use safe_strcpy(), safe_strcat(), strlcpy(), strlcat() as appropriate. + */ +#define strcpy __xen_has_no_strcpy__ +#define strcat __xen_has_no_strcat__ +#define strncpy __xen_has_no_strncpy__ +#define strncat __xen_has_no_strncat__ + #ifndef __HAVE_ARCH_STRLCPY extern size_t strlcpy(char *,const char *, __kernel_size_t); #endif -#ifndef __HAVE_ARCH_STRCAT -extern char * strcat(char *, const char *); -#endif -#ifndef __HAVE_ARCH_STRNCAT -extern char * strncat(char *, const char *, __kernel_size_t); +#ifndef __HAVE_ARCH_STRLCAT +extern size_t strlcat(char *,const char *, __kernel_size_t); #endif #ifndef __HAVE_ARCH_STRCMP extern int strcmp(const char *,const char *); @@ -82,6 +82,8 @@ extern void * memchr(const void *,int,__ } #endif -#define safe_strcpy(d, s) strlcpy(d, s, sizeof(d)) +/* safe_xxx always NUL-terminates and returns !=0 if result is truncated. */ +#define safe_strcpy(d, s) (strlcpy(d, s, sizeof(d)) >= sizeof(d)) +#define safe_strcat(d, s) (strlcat(d, s, sizeof(d)) >= sizeof(d)) #endif /* _LINUX_STRING_H_ */ _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.