util: Don't read over 'size - 1' bytes of source string in ovs_strlcpy().

The blind replacement of strncpy() by ovs_strlcpy() is risky because strncpy() never reads more bytes from its source string than necessary to write its destination string, but ovs_strlcpy() and the OpenBSD function that inspired it both read the entire source string. This avoids that problem. Given that change, we can use ovs_strlcpy() in a few more places, and this commit does that too. Coverity #10697,10696,10695,10694,10693,10692,10691,10690.
2025-10-15 14:17:18 +00:00 · 2011-02-22 10:41:15 -08:00
parent 0e191d8fae
commit e868fb3d32
3 changed files with 8 additions and 9 deletions
--- a/lib/util.c
+++ b/lib/util.c
@@ -137,14 +137,15 @@ xasprintf(const char *format, ...)
    return s;
 }

+/* Similar to strlcpy() from OpenBSD, but it never reads more than 'size - 1'
+ * bytes from 'src' and doesn't return anything. */
 void
 ovs_strlcpy(char *dst, const char *src, size_t size)
 {
    if (size > 0) {
-        size_t n = strlen(src);
-        size_t n_copy = MIN(n, size - 1);
-        memcpy(dst, src, n_copy);
-        dst[n_copy] = '\0';
+        size_t len = strnlen(src, size - 1);
+        memcpy(dst, src, len);
+        dst[len] = '\0';
    }
 }