[Python-Dev] cpython: Use strncat() instead of strcat() to silence some warnings.
Antoine Pitrou
solipsis at pitrou.net
Sat Jul 20 14:36:04 CEST 2013
On Sat, 20 Jul 2013 15:23:46 +0300
Serhiy Storchaka <storchaka at gmail.com> wrote:
> 20.07.13 15:12, christian.heimes написав(ла):
> > http://hg.python.org/cpython/rev/c92f4172d122
> > changeset: 84723:c92f4172d122
> > user: Christian Heimes <christian at cheimes.de>
> > date: Sat Jul 20 14:11:28 2013 +0200
> > summary:
> > Use strncat() instead of strcat() to silence some warnings.
> > CID 486616, CID 486617, CID 486615
> >
[...]
>
> This will wrong when strlen(fname) is 30. strncat() will copy only 30
> bytes, without terminal NUL.
So, for the record, this is roughly how Rasmus Lerdorf introduced a
security hole in PHP 5.3.7:
"For people asking me out-of-band what the screw-up was, it was pretty
simple. I changed this code:
memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1);
strcat(passwd, "$");
to:
memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN);
strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1);
strlcat(passwd, "$", 1);
**because the Coverity static analyzer warned about using strcat**
[emphasis mine] and we generally try to avoid naked strcat/strcpy in the
codebase even though in this case it is safe to do."
https://plus.google.com/113641248237520845183/posts/g68d9RvRA1i
Regards
Antoine.
More information about the Python-Dev
mailing list