util: Don't read over 'size - 1' bytes of source string in ovs_strlcpy().

The blind replacement of strncpy() by ovs_strlcpy() is risky because strncpy() never reads more bytes from its source string than necessary to write its destination string, but ovs_strlcpy() and the OpenBSD function that inspired it both read the entire source string. This avoids that problem. Given that change, we can use ovs_strlcpy() in a few more places, and this commit does that too. Coverity #10697,10696,10695,10694,10693,10692,10691,10690.
2025-10-25 15:07:05 +00:00 · 2011-02-22 10:41:15 -08:00
parent 0e191d8fae
commit e868fb3d32
3 changed files with 8 additions and 9 deletions
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -1315,8 +1315,7 @@ ofp_print_ofpst_table_reply(struct ds *string, const struct ofp_header *oh,

    for (; n--; ts++) {
        char name[OFP_MAX_TABLE_NAME_LEN + 1];
-        strncpy(name, ts->name, sizeof name);
-        name[OFP_MAX_TABLE_NAME_LEN] = '\0';
+        ovs_strlcpy(name, ts->name, sizeof name);

        ds_put_format(string, "  %d: %-8s: ", ts->table_id, name);
        ds_put_format(string, "wild=0x%05"PRIx32", ", ntohl(ts->wildcards));
--- a/lib/route-table.c
+++ b/lib/route-table.c
@@ -111,7 +111,7 @@ route_table_get_name(ovs_be32 ip, char name[IFNAMSIZ])

        nn = name_node_lookup(ifindex);
        if (nn) {
-            strncpy(name, nn->ifname, IFNAMSIZ);
+            ovs_strlcpy(name, nn->ifname, IFNAMSIZ);
            return true;
        }
    }
@@ -445,8 +445,7 @@ name_table_reset(void)

            nn = xzalloc(sizeof *nn);
            nn->ifi_index = change.ifi_index;
-            strncpy(nn->ifname, change.ifname, IFNAMSIZ);
-            nn->ifname[IFNAMSIZ - 1] = '\0';
+            ovs_strlcpy(nn->ifname, change.ifname, IFNAMSIZ);
            hmap_insert(&name_map, &nn->node, hash_int(nn->ifi_index, 0));
        }
    }
--- a/lib/util.c
+++ b/lib/util.c
@@ -137,14 +137,15 @@ xasprintf(const char *format, ...)
    return s;
 }

+/* Similar to strlcpy() from OpenBSD, but it never reads more than 'size - 1'
+ * bytes from 'src' and doesn't return anything. */
 void
 ovs_strlcpy(char *dst, const char *src, size_t size)
 {
    if (size > 0) {
-        size_t n = strlen(src);
-        size_t n_copy = MIN(n, size - 1);
-        memcpy(dst, src, n_copy);
-        dst[n_copy] = '\0';
+        size_t len = strnlen(src, size - 1);
+        memcpy(dst, src, len);
+        dst[len] = '\0';
    }
 }