Ticket #78 (closed enhancement: fixed)
use strlcpy() instead of strncpy()
| Reported by: | ludovic | Owned by: | opensc-devel@… |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | opensc | Version: | trunk |
| Severity: | normal | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: |
Description
see http://www.opensc-project.org/pipermail/opensc-devel/2006-May/008563.html
Another solution is to use strlcpy instead of strncpy. strlcpy has been defined by OpenBSD as a safe replacement of strncpy. You can get it from [1]. I use it in pcsc-lite Some systems already provide it (OpenBSD, Darwin) so you need to add a check in configure.in
Change History
comment:2 Changed 6 years ago by Ludovic
I review the code and I don't think src/tools/opensc-explorer.c and src/pkcs15init/pkcs15-miocos.c need to use strlcpy()
in src/pkcs15init/pkcs15-miocos.c we have:
strncpy((char *) ac_info.unblock_value, (const char *) puk, puk_len);
and ac_info.unblock_value is a u8 unblock_value[8]; so adding a final NUL byte would be a bug if the PIN is 8 bytes long (it would be truncated to 7 bytes)
in src/tools/opensc-explorer.c we have:
strncpy((char *) buf, in_str+1, in_len);
and buf is a binary buffer and not a string. So using strlcpy() would be a bug also.
I may be wrong of course.
grep -R tells that src/tools/opensc-explorer.c and src/pkcs15init/pkcs15-miocos.c still use strncpy.