Re: BUG in ltdl.c - here's a PATCH

[Albert Chin]

On Fri, Jun 14, 2002 at 01:23:37PM -0500, Bob Friesenhahn wrote:
> On 14 Jun 2002, Lutz Müller wrote:
> > Not quite right. We need to terminate the filename after dir_name got
> > copied over it without a terminating '\0'. That is, you could do a
> >
> > strncpy (filename, dir_name, strlen (dir_name));
> > filename[strlen (dir_name)] = '\0';
> 
> The normal case is that you use strncpy() in order to not overrun the
> target buffer.  That means that the maximum number of characters to
> copy should be based on the target buffer size and not on the length
> of the source string.  If filename was statically allocated, you could
> use sizeof() to determine the target buffer size, otherwise you will
> need to remember the size of the allocation.
>
> Your example is no better than strcpy().  It allows overrunning the
> target buffer. 
> 
> Perhaps strncpy() is overused and it would be more useful to use
> strlen() to verify that the source string will entirely fit in the
> destination buffer so that an error can be flagged if the string will
> be truncated.  An error report is usually more valuable than a
> truncated string.
> 
> Another possibility (if string concatenation is not being performed)
> is to use strdup() so that the allocation and copy may be performed in
> one operation.

Do we need the strncpy guard if we have the preceding test?
  if (lendir +1 +lenbase >= filenamesize)

Anyway, deciding on a difference between strcpy/strdup is how many
times we currently call LT_EMALLOC through the loop. Having strdup
would certainly make the code cleaner.

-- 
albert chin (address@hidden)