Subject: Re: Crunchgen bug and patch
To: None <tech-userlevel@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-userlevel
Date: 06/11/2006 16:21:09
On Sun, Jun 11, 2006 at 10:24:23PM +0100, David Laight wrote:
> On Sat, Jun 10, 2006 at 12:28:18PM -0700, hypnosses@pulltheplug.org wrote:
> > There is a small bug in crunchgen when dealing with a large string which
> > causes it to crash. Here's a patch for it.
> ...
> > Index: crunchgen.c
> > ===================================================================
> > RCS file: /cvsroot/src/usr.bin/crunch/crunchgen/crunchgen.c,v
> > retrieving revision 1.69
> > diff -r1.69 crunchgen.c
> > 163,166c163,166
> > <       case 'm':       strcpy(outmkname, optarg); break;
> > <       case 'c':       strcpy(outcfname, optarg); break;
> > <       case 'e':       strcpy(execfname, optarg); break;
> > <       case 'd':       strcpy(dbg, optarg); break;
> > ---
> > >       case 'm':       strlcpy(outmkname, optarg, sizeof outmkname); break;
> > >       case 'c':       strlcpy(outcfname, optarg, sizeof outcfname); break;
> > >       case 'e':       strlcpy(execfname, optarg, sizeof execfname); break;
> > >       case 'd':       strlcpy(dbg, optarg, sizeof dbg); break;
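Review bot: the four replacement lines discard strlcpy's return value, so an optarg longer than the destination no longer crashes but is silently truncated to a different file name, which is arguably worse. Either test the result, e.g. `if (strlcpy(outmkname, optarg, sizeof outmkname) >= sizeof outmkname) errx(1, "-m argument too long");`, or drop the fixed buffers and strdup the argument. Also, `sizeof outmkname` is only correct if these four are arrays in scope rather than `char *`; their declarations are not in the hunk, so confirm before committing.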
> ...
> 
> Except that after these changes it will silently do the wrong thing, which
> is probably worse than the core dump!
> There are 2 fixes:
> 1) exit with an error message saying one of the strings is too long
> 2) dynamically allocate memory for the strings.

In one of my projects, I wrapped strlcpy with simple error-detection
logic; however, an 'xstrlcpy' that exits with an error might be more
appropriate for crunchgen:

#include <string.h>	/* strlcpy, size_t */

/* Return -1 if the destination buffer (dst, size) is too small for src,
 * 0 otherwise.  dst is still NUL-terminated (and truncated) in the -1 case,
 * as strlcpy guarantees when size > 0.
 */
int
estrlcpy(char *dst, const char *src, size_t size)
{
        if (strlcpy(dst, src, size) >= size)
                return -1;
        return 0;
}

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933
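The following is an added example, not code from the thread or from crunchgen, putting both of David Laight's fixes and the estrlcpy check above side by side on a stand-in for crunchgen's option handling. The struct crunch_opts layout, the 64-byte NAME_MAX_DEMO limit and the helper names (set_option, xset_option, xstrdup_opt) are assumptions; the real declarations are not in the quoted diff. estrlcpy is reimplemented here with strlen/memcpy so the example also builds on a libc without strlcpy.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed buffer size: small so the overflow case is easy to trigger. */
#define NAME_MAX_DEMO 64

/* Stand-in for crunchgen's fixed-size name buffers (assumed layout). */
struct crunch_opts {
	char outmkname[NAME_MAX_DEMO];
	char outcfname[NAME_MAX_DEMO];
	char execfname[NAME_MAX_DEMO];
	char dbg[NAME_MAX_DEMO];
};

/* strlcpy semantics via strlen/memcpy.  Returns 0 if src fit, -1 with
 * errno = ENAMETOOLONG if it was truncated.  dst is always NUL-terminated
 * when size > 0. */
int
estrlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);

	if (size == 0)
		return -1;
	if (len >= size) {
		memcpy(dst, src, size - 1);
		dst[size - 1] = '\0';
		errno = ENAMETOOLONG;
		return -1;
	}
	memcpy(dst, src, len + 1);
	return 0;
}

/* The four option cases from the patch, with the copy result propagated
 * instead of discarded.  Returns 0 on success, -1 if arg does not fit. */
int
set_option(struct crunch_opts *o, int opt, const char *arg)
{
	switch (opt) {
	case 'm': return estrlcpy(o->outmkname, arg, sizeof o->outmkname);
	case 'c': return estrlcpy(o->outcfname, arg, sizeof o->outcfname);
	case 'e': return estrlcpy(o->execfname, arg, sizeof o->execfname);
	case 'd': return estrlcpy(o->dbg, arg, sizeof o->dbg);
	default:  return -1;
	}
}

/* Fix 1: exit with an error message instead of silently truncating. */
void
xset_option(struct crunch_opts *o, int opt, const char *arg)
{
	if (set_option(o, opt, arg) == -1) {
		fprintf(stderr, "crunchgen: -%c argument too long (max %d bytes)\n",
		    opt, NAME_MAX_DEMO - 1);
		exit(1);
	}
}

/* Fix 2: allocate dynamically so there is no limit to exceed; caller frees. */
char *
xstrdup_opt(const char *arg)
{
	size_t n = strlen(arg) + 1;
	char *p = malloc(n);

	if (p == NULL) {
		fprintf(stderr, "crunchgen: out of memory\n");
		exit(1);
	}
	memcpy(p, arg, n);
	return p;
}

/* Self-checks: return 1 when the behaviour matches, 0 otherwise. */
int
short_arg_fits(void)
{
	struct crunch_opts o;
	return set_option(&o, 'm', "crunch.mk") == 0 &&
	    strcmp(o.outmkname, "crunch.mk") == 0;
}

int
long_arg_rejected(void)
{
	struct crunch_opts o;
	char big[200];		/* constructed over-long argument */
	memset(big, 'A', sizeof big - 1);
	big[sizeof big - 1] = '\0';
	return set_option(&o, 'c', big) == -1 &&
	    strlen(o.outcfname) == NAME_MAX_DEMO - 1;	/* truncated but terminated */
}

int
dup_keeps_everything(void)
{
	char big[200], *p;
	int ok;
	memset(big, 'B', sizeof big - 1);
	big[sizeof big - 1] = '\0';
	p = xstrdup_opt(big);
	ok = strcmp(p, big) == 0;
	free(p);
	return ok;
}

int
main(void)
{
	printf("short fits: %d\nlong rejected: %d\ndup keeps all: %d\n",
	    short_arg_fits(), long_arg_rejected(), dup_keeps_everything());
	return 0;
}
```

set_option returns the verdict rather than exiting so the caller can choose between the two policies: xset_option is the "refuse and explain" route, xstrdup_opt the "no fixed buffer" route; either one removes the silent misnaming that the bare strlcpy patch leaves behind.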