fortify: strcat: Move definition to use fortified strlcat()
Move the definition of fortified strcat() to after strlcat() to use it for bounds checking. Signed-off-by: Kees Cook <keescook@chromium.org>
parent
605395cd7c
commit
55c84a5cf2
|
@ -151,33 +151,6 @@ char *strncpy(char * const POS p, const char *q, __kernel_size_t size)
|
|||
return __underlying_strncpy(p, q, size);
|
||||
}
|
||||
|
||||
/**
|
||||
* strcat - Append a string to an existing string
|
||||
*
|
||||
* @p: pointer to NUL-terminated string to append to
|
||||
* @q: pointer to NUL-terminated source string to append from
|
||||
*
|
||||
* Do not use this function. While FORTIFY_SOURCE tries to avoid
|
||||
* read and write overflows, this is only possible when the
|
||||
* destination buffer size is known to the compiler. Prefer
|
||||
* building the string with formatting, via scnprintf() or similar.
|
||||
* At the very least, use strncat().
|
||||
*
|
||||
* Returns @p.
|
||||
*
|
||||
*/
|
||||
__FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2)
|
||||
char *strcat(char * const POS p, const char *q)
|
||||
{
|
||||
const size_t p_size = __member_size(p);
|
||||
|
||||
if (p_size == SIZE_MAX)
|
||||
return __underlying_strcat(p, q);
|
||||
if (strlcat(p, q, p_size) >= p_size)
|
||||
fortify_panic(__func__);
|
||||
return p;
|
||||
}
|
||||
|
||||
extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
|
||||
/**
|
||||
* strnlen - Return bounded count of characters in a NUL-terminated string
|
||||
|
@ -435,6 +408,32 @@ size_t strlcat(char * const POS p, const char * const POS q, size_t avail)
|
|||
return wanted;
|
||||
}
|
||||
|
||||
/* Defined after fortified strlcat() to reuse it. */
|
||||
/**
|
||||
* strcat - Append a string to an existing string
|
||||
*
|
||||
* @p: pointer to NUL-terminated string to append to
|
||||
* @q: pointer to NUL-terminated source string to append from
|
||||
*
|
||||
* Do not use this function. While FORTIFY_SOURCE tries to avoid
|
||||
* read and write overflows, this is only possible when the
|
||||
* destination buffer size is known to the compiler. Prefer
|
||||
* building the string with formatting, via scnprintf() or similar.
|
||||
* At the very least, use strncat().
|
||||
*
|
||||
* Returns @p.
|
||||
*
|
||||
*/
|
||||
__FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2)
|
||||
char *strcat(char * const POS p, const char *q)
|
||||
{
|
||||
const size_t p_size = __member_size(p);
|
||||
|
||||
if (strlcat(p, q, p_size) >= p_size)
|
||||
fortify_panic(__func__);
|
||||
return p;
|
||||
}
|
||||
|
||||
/**
|
||||
* strncat - Append a string to an existing string
|
||||
*
|
||||
|
|
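Review bot: The relocated strcat() is not a pure move. The removed version returned `__underlying_strcat(p, q)` when `p_size == SIZE_MAX`, and the new body drops that branch, so a destination of unknown size now goes through `strlcat(p, q, p_size)` with `p_size` equal to SIZE_MAX. Only the tail of strlcat() is visible on this page, so presumably it handles the unknown-size case itself, but neither the function nor the commit message says so. I would add a line above the check such as `/* Unknown destination size (SIZE_MAX) is handled inside strlcat(). */` and mention the dropped fast path in the description. In that case the `>= p_size` comparison cannot realistically trigger fortify_panic(), so any bounds checking depends entirely on what strlcat() does.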