Re: CVS commit: src/external/bsd/blocklist/lib

[Taylor R Campbell <riastradh%NetBSD.org@localhost>]

> Module Name:    src
> Committed By:   christos
> Date:           Sat Mar 29 23:25:57 UTC 2025
> 
> Modified Files:
>         src/external/bsd/blocklist/lib: bl.c
> 
> Log Message:
> Don't use strlcpy() because it will keep going trying to find the end of the
> input string (thanks riastradh)
> 
> 
> To generate a diff of this commit:
> cvs rdiff -u -r1.7 -r1.8 src/external/bsd/blocklist/lib/bl.c
> 
> -		rem = MIN(sizeof(bi->bi_msg), rem + 1);
> -		strlcpy(bi->bi_msg, ub.bl.bl_data, rem);
> +		rem = MIN(sizeof(bi->bi_msg) - 1, rem);
> +		memcpy(bi->bi_msg, ub.bl.bl_data, rem);
>  		bi->bi_msg[sizeof(bi->bi_msg) - 1] = '\0';

This is still broken: now it doesn't read past the end the input
buffer, but it leaves the bytes bi->bi_msg[rem], bi->bi_msg[rem + 1],
bi->bi_msg[rem + 2] ..., bi->bi_msg[sizeof(bi->bi_msg) - 2]
uninitialized, and will later dump this uninitialized heap data into
syslog.

I suggest you try the code I already suggested in my previous message:

	rem = MIN(sizeof(bi->bi_msg) - 1, rem);
	memcpy(bi->bi_msg, ub.bl.bl_data, rem);
	bi->bi_msg[rem] = '\0';

This will initialize bi->bi_msg[0], bi->bi_msg[1], bi->bi_msg[2], ...,
bi->bi_msg[rem - 2], bi->bi_msg[rem - 1], and bi->bi_msg[rem], with
the last one being the NUL terminator.  So nothing that goes out on
syslog will be uninitialized heap data.

And, please, cite the PR in the commit message like I _just asked_ in
my previous message, so we can track these changes for pullup to 9 and
10.