From dcdd2f1fb065b6e98d87ab7b367e8fb483f9b59c Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 21 Oct 2024 15:04:50 +0200
Subject: Neuter an issue in strncat

`strlen(src)` isn't guaranteed to be valid.
---
 include/string.h | 2 ++
 tests/test_strncat_dynamic_write.c | 2 ++
 tests/test_strncat_static_write.c | 7 +++++--
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/include/string.h b/include/string.h
index 89bf25e..2e2b29c 100644
--- a/include/string.h
+++ b/include/string.h
@@ -287,6 +287,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
 #if __has_builtin(__builtin___strncat_chk) && FORTIFY_USE_NATIVE_CHK
 return __builtin___strncat_chk(__d, __s, __n, __fh_bos(__d, 0));
 #else
+#if 0 // strlen(__s) isn't guaranteed to be valid.
 __fh_size_t __b = __fh_bos(__d, 0);
 if (__n > __b) {
@@ -297,6 +298,7 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
 if (__sl + __dl + 1 > __b)
 __builtin_trap();
 }
+#endif
 return __orig_strncat(__d, __s, __n);
 #endif
 }
diff --git a/tests/test_strncat_dynamic_write.c b/tests/test_strncat_dynamic_write.c
index c538339..d5c5a94 100644
--- a/tests/test_strncat_dynamic_write.c
+++ b/tests/test_strncat_dynamic_write.c
@@ -7,9 +7,11 @@ int main(int argc, char** argv) {
 strncat(buffer, "1234567", 5);
 puts(buffer);
+#if 0
 CHK_FAIL_START
 strncat(buffer, argv[1], argc);
 CHK_FAIL_END
+#endif
 puts(buffer);
 return ret;
diff --git a/tests/test_strncat_static_write.c b/tests/test_strncat_static_write.c
index 9332adc..7fe89ff 100644
--- a/tests/test_strncat_static_write.c
+++ b/tests/test_strncat_static_write.c
@@ -4,12 +4,15 @@
 int main(int argc, char** argv) {
 char buffer[8] = {0};
- strncat(buffer, "1234567", 5);
+ char src[] = {'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
+ strncat(buffer, src, 5);
 puts(buffer);
+#if 0
 CHK_FAIL_START
- strncat(buffer, "1234567890", 10);
+ strncat(buffer, src, 10);
 CHK_FAIL_END
+#endif
 puts(buffer);
 return ret;
--
cgit v1.3
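Review bot: The `#if 0` added after `#else` in include/string.h (closed by the `#endif` in the second hunk of that file) compiles out the whole destination-size check, so any build that does not take the `__builtin___strncat_chk` path passes an overflowing append straight to `__orig_strncat` with no trap. The lines that compute `__sl` lie between the two hunks and are not visible here, but if the only problem is an unbounded read of a source that need not be NUL-terminated, bounding that read would keep the check alive: `__sl = strnlen(__s, __n);` (where `strnlen` is available to the header). `strlen(__d)` can stay as it is, because the destination must already hold a terminated string. If the check has to remain disabled for now, the comment on the `#if 0` line should also say what has to change before it can be re-enabled, so the dead block is not mistaken for working hardening.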
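Review bot: In tests/test_strncat_dynamic_write.c the added `#if 0` … `#endif` removes the only overflow case (`strncat(buffer, argv[1], argc);` between `CHK_FAIL_START` and `CHK_FAIL_END`), so the test now passes whether or not strncat traps. The same is done to `strncat(buffer, src, 10);` in tests/test_strncat_static_write.c. The native path in include/string.h is not touched by this commit, so the failure case could stay enabled for it instead of being dropped everywhere, for example by guarding it with the condition the header itself uses, `#if __has_builtin(__builtin___strncat_chk) && FORTIFY_USE_NATIVE_CHK`, assuming both macros are visible to the tests. Failing that, a comment beside each `#if 0` naming the disabled header check would keep the tests and the header from drifting apart.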
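Review bot: The new `src` array in tests/test_strncat_static_write.c has no terminating NUL, apparently on purpose so that `strncat(buffer, src, 5);` exercises the unterminated-source case this commit is about, but nothing in the test says so and the initializer reads like an oversight. A one-line comment above it would protect it from a cleanup back to a string literal: `/* not NUL-terminated on purpose: strncat must read at most n bytes of src */`. The closing brace of main lies outside the hunk.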