? body ? commit ? libtoolize.in ? config/config.guess ? config/config.sub ? config/ltmain.m4sh-save ? tests/defs.in Index: ChangeLog =================================================================== RCS file: /cvsroot/libtool/libtool/ChangeLog,v retrieving revision 1.1667.2.98 diff -u -r1.1667.2.98 ChangeLog --- ChangeLog 9 Dec 2004 17:59:38 -0000 1.1667.2.98 +++ ChangeLog 12 Dec 2004 20:23:42 -0000 @@ -1,3 +1,12 @@ +2004-12-12 Bob Friesenhahn + + * libltdl/lt__strl.c, libltdl/libltdl/lt__strl.h: New files to + emulate strlcat and strlcpy, which support size-bounded string + copying and concatenation for improved security. + * libltdl/Makefile.am (libdlloader_la_SOURCES): Build source files + libltdl/lt__strl.c and libltdl/libltdl/lt__strl.h. + * m4/ltdl.m4 (LTDL_INIT): Add checks for strlcat and strlcpy. + 2004-12-09 Albert Chin-A-Young * config/ltmain.m4sh: Preserve -model [arg] option, used Index: libltdl/Makefile.am =================================================================== RCS file: /cvsroot/libtool/libtool/libltdl/Makefile.am,v retrieving revision 1.64.2.4 diff -u -r1.64.2.4 Makefile.am --- libltdl/Makefile.am 23 Nov 2004 16:01:31 -0000 1.64.2.4 +++ libltdl/Makefile.am 12 Dec 2004 20:23:42 -0000 @@ -35,7 +35,9 @@ lib_LTLIBRARIES = libdlloader.la libdlloader_la_SOURCES = libltdl/lt_error.h lt_error.c \ - libltdl/lt__private.h libltdl/lt_system.h \ + libltdl/lt__private.h \ + lt__strl.c libltdl/lt__strl.h \ + libltdl/lt_system.h \ libltdl/lt__alloc.h lt__alloc.c \ libltdl/lt__glibc.h \ libltdl/lt__dirent.h \ Index: libltdl/lt__strl.c =================================================================== RCS file: libltdl/lt__strl.c diff -N libltdl/lt__strl.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ libltdl/lt__strl.c 12 Dec 2004 20:23:42 -0000 @@ -0,0 +1,127 @@ +/* lt__strl.c -- size-bounded string copying and concatenation + Copyright (C) 2004 Free Software Foundation, Inc. + Written by Bob Friesenhahn + + NOTE: The canonical source of this file is maintained with the + GNU Libtool package. Report bugs to address@hidden + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. + +As a special exception to the GNU Lesser General Public License, +if you distribute this file as part of a program or library that +is built using GNU libtool, you may include it under the same +distribution terms that you use for the rest of that program. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA + +*/ + +#include +#include +#include + +#include "lt__strl.h" + +/* + lt_strlcat appends the NULL-terminated string src to the end of dst. + It will append at most dstsize - strlen(dst) - 1 bytes, + NULL-terminating the result. The total length of the string which + would have been created given sufficient buffer size (may be longer + than dstsize) is returned. This function substitutes for strlcat() + which is available under NetBSD, FreeBSD and Solaris 9. + + Buffer overflow can be checked as follows: + + if (lt_strlcat(dst, src, dstsize) >= dstsize) + return -1; +*/ +#if !defined(HAVE_STRLCAT) +size_t +lt_strlcat(char *dst, const char *src, const size_t dstsize) +{ + size_t length; + char *p; + const char *q; + + assert(dst != NULL); + assert(src != (const char *) NULL); + assert(dstsize >= 1); + + length=strlen(dst); + + /* + Copy remaining characters from src while constraining length to + size - 1. + */ + for ( p = dst + length, q = src; + (*q != 0) && (length < dstsize - 1) ; + length++, p++, q++ ) + *p = *q; + + dst[length]='\0'; + + /* + Add remaining length of src to length. + */ + while (*q++) + length++; + + return length; +} +#endif /* !defined(HAVE_STRLCAT) */ + +/* + lt_strlcpy copies up to dstsize - 1 characters from the NULL-terminated + string src to dst, NULL-terminating the result. The total length of + the string which would have been created given sufficient buffer + size (may be longer than dstsize) is returned. This function + substitutes for strlcpy() which is available under OpenBSD, FreeBSD + and Solaris 9. + + Buffer overflow can be checked as follows: + + if (lt_strlcpy(dst, src, dstsize) >= dstsize) + return -1; +*/ +#if !defined(HAVE_STRLCPY) +size_t +lt_strlcpy(char *dst, const char *src, const size_t dstsize) +{ + size_t length=0; + char *p; + const char *q; + + assert(dst != NULL); + assert(src != (const char *) NULL); + assert(dstsize >= 1); + + /* + Copy src to dst within bounds of size-1. + */ + for ( p=dst, q=src, length=0 ; + (*q != 0) && (length < dstsize-1) ; + length++, p++, q++ ) + *p = *q; + + dst[length]='\0'; + + /* + Add remaining length of src to length. + */ + while (*q++) + length++; + + return length; +} +#endif /* !defined(HAVE_STRLCPY) */ Index: libltdl/libltdl/lt__strl.h =================================================================== RCS file: libltdl/libltdl/lt__strl.h diff -N libltdl/libltdl/lt__strl.h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ libltdl/libltdl/lt__strl.h 12 Dec 2004 20:23:42 -0000 @@ -0,0 +1,50 @@ +/* lt__strl.h -- size-bounded string copying and concatenation + Copyright (C) 2004 Free Software Foundation, Inc. + Written by Bob Friesenhahn + + NOTE: The canonical source of this file is maintained with the + GNU Libtool package. Report bugs to address@hidden + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. + +As a special exception to the GNU Lesser General Public License, +if you distribute this file as part of a program or library that +is built using GNU libtool, you may include it under the same +distribution terms that you use for the rest of that program. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA + +*/ + +#if !defined(LT__STRL_H) +#define LT__STRL_H 1 + +#if defined(HAVE_CONFIG_H) +# include HAVE_CONFIG_H +#endif + +#include +#include "lt_system.h" + +#if !defined(HAVE_STRLCAT) +# define strlcat(dst,src,dstsize) lt_strlcat(dst,src,dstsize) +LT_SCOPE size_t lt_strlcat(char *dst, const char *src, const size_t dstsize); +#endif /* !defined(HAVE_STRLCAT) */ + +#if !defined(HAVE_STRLCPY) +# define strlcpy(dst,src,dstsize) lt_strlcpy(dst,src,dstsize) +LT_SCOPE size_t lt_strlcpy(char *dst, const char *src, const size_t dstsize); +#endif /* !defined(HAVE_STRLCPY) */ + +#endif /*!defined(LT__STRL_H)*/ Index: m4/ltdl.m4 =================================================================== RCS file: /cvsroot/libtool/libtool/m4/ltdl.m4,v retrieving revision 1.20.2.3 diff -u -r1.20.2.3 ltdl.m4 --- m4/ltdl.m4 29 Nov 2004 20:58:55 -0000 1.20.2.3 +++ m4/ltdl.m4 12 Dec 2004 20:23:42 -0000 @@ -188,6 +188,7 @@ AC_CHECK_HEADERS([string.h strings.h], [break], [], [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([closedir opendir readdir], [], [AC_LIBOBJ([lt__dirent])]) +AC_CHECK_FUNCS([strlcat strlcpy]) ])# LTDL_INIT # Old name: