direct-io.hg

changeset 13665:647c06ba0b49

Remove strcat/strncat/strcmp/strncmp. Replaced with safer
alternatives (including a new implementation of strlcat).
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Mon Jan 29 16:04:43 2007 +0000 (2007-01-29)
parents d2784d93e760
children 699656fb1d0b
files xen/arch/x86/cpu/cyrix.c xen/arch/x86/setup.c xen/common/string.c xen/include/xen/string.h
line diff
     1.1 --- a/xen/arch/x86/cpu/cyrix.c	Mon Jan 29 15:01:33 2007 +0000
     1.2 +++ b/xen/arch/x86/cpu/cyrix.c	Mon Jan 29 16:04:43 2007 +0000
     1.3 @@ -302,7 +302,7 @@ static void __init init_cyrix(struct cpu
     1.4  		break;
     1.5  	}
     1.6  	safe_strcpy(c->x86_model_id, Cx86_model[dir0_msn & 7]);
     1.7 -	if (p) strcat(c->x86_model_id, p);
     1.8 +	if (p) safe_strcat(c->x86_model_id, p);
     1.9  	return;
    1.10  }
    1.11  
     2.1 --- a/xen/arch/x86/setup.c	Mon Jan 29 15:01:33 2007 +0000
     2.2 +++ b/xen/arch/x86/setup.c	Mon Jan 29 16:04:43 2007 +0000
     2.3 @@ -751,19 +751,19 @@ void __init __start_xen(multiboot_info_t
     2.4              safe_strcpy(dom0_cmdline, cmdline);
     2.5          }
     2.6  
     2.7 -        cmdline = dom0_cmdline;
     2.8 -
     2.9          /* Append any extra parameters. */
    2.10 -        if ( skip_ioapic_setup && !strstr(cmdline, "noapic") )
    2.11 -            strcat(cmdline, " noapic");
    2.12 +        if ( skip_ioapic_setup && !strstr(dom0_cmdline, "noapic") )
    2.13 +            safe_strcat(dom0_cmdline, " noapic");
    2.14          if ( acpi_skip_timer_override &&
    2.15 -             !strstr(cmdline, "acpi_skip_timer_override") )
    2.16 -            strcat(cmdline, " acpi_skip_timer_override");
    2.17 -        if ( (strlen(acpi_param) != 0) && !strstr(cmdline, "acpi=") )
    2.18 +             !strstr(dom0_cmdline, "acpi_skip_timer_override") )
    2.19 +            safe_strcat(dom0_cmdline, " acpi_skip_timer_override");
    2.20 +        if ( (strlen(acpi_param) != 0) && !strstr(dom0_cmdline, "acpi=") )
    2.21          {
    2.22 -            strcat(cmdline, " acpi=");
    2.23 -            strcat(cmdline, acpi_param);
    2.24 +            safe_strcat(dom0_cmdline, " acpi=");
    2.25 +            safe_strcat(dom0_cmdline, acpi_param);
    2.26          }
    2.27 +
    2.28 +        cmdline = dom0_cmdline;
    2.29      }
    2.30  
    2.31      if ( (initrdidx > 0) && (initrdidx < mbi->mods_count) )
     3.1 --- a/xen/common/string.c	Mon Jan 29 15:01:33 2007 +0000
     3.2 +++ b/xen/common/string.c	Mon Jan 29 16:04:43 2007 +0000
     3.3 @@ -41,44 +41,6 @@ int strnicmp(const char *s1, const char 
     3.4  }
     3.5  #endif
     3.6  
     3.7 -#ifndef __HAVE_ARCH_STRCPY
     3.8 -/**
     3.9 - * strcpy - Copy a %NUL terminated string
    3.10 - * @dest: Where to copy the string to
    3.11 - * @src: Where to copy the string from
    3.12 - */
    3.13 -char * strcpy(char * dest,const char *src)
    3.14 -{
    3.15 -	char *tmp = dest;
    3.16 -
    3.17 -	while ((*dest++ = *src++) != '\0')
    3.18 -		/* nothing */;
    3.19 -	return tmp;
    3.20 -}
    3.21 -#endif
    3.22 -
    3.23 -#ifndef __HAVE_ARCH_STRNCPY
    3.24 -/**
    3.25 - * strncpy - Copy a length-limited, %NUL-terminated string
    3.26 - * @dest: Where to copy the string to
    3.27 - * @src: Where to copy the string from
    3.28 - * @count: The maximum number of bytes to copy
    3.29 - *
    3.30 - * Note that unlike userspace strncpy, this does not %NUL-pad the buffer.
    3.31 - * However, the result is not %NUL-terminated if the source exceeds
    3.32 - * @count bytes.
    3.33 - */
    3.34 -char * strncpy(char * dest,const char *src,size_t count)
    3.35 -{
    3.36 -	char *tmp = dest;
    3.37 -
    3.38 -	while (count-- && (*dest++ = *src++) != '\0')
    3.39 -		/* nothing */;
    3.40 -
    3.41 -	return tmp;
    3.42 -}
    3.43 -#endif
    3.44 -
    3.45  #ifndef __HAVE_ARCH_STRLCPY
    3.46  /**
    3.47   * strlcpy - Copy a %NUL terminated string into a sized buffer
    3.48 @@ -105,52 +67,33 @@ size_t strlcpy(char *dest, const char *s
    3.49  EXPORT_SYMBOL(strlcpy);
    3.50  #endif
    3.51  
    3.52 -#ifndef __HAVE_ARCH_STRCAT
    3.53 -/**
    3.54 - * strcat - Append one %NUL-terminated string to another
    3.55 - * @dest: The string to be appended to
    3.56 - * @src: The string to append to it
    3.57 - */
    3.58 -char * strcat(char * dest, const char * src)
    3.59 -{
    3.60 -	char *tmp = dest;
    3.61 -
    3.62 -	while (*dest)
    3.63 -		dest++;
    3.64 -	while ((*dest++ = *src++) != '\0')
    3.65 -		;
    3.66 -
    3.67 -	return tmp;
    3.68 -}
    3.69 -#endif
    3.70 -
    3.71 -#ifndef __HAVE_ARCH_STRNCAT
    3.72 +#ifndef __HAVE_ARCH_STRLCAT
    3.73  /**
    3.74 - * strncat - Append a length-limited, %NUL-terminated string to another
    3.75 - * @dest: The string to be appended to
    3.76 - * @src: The string to append to it
    3.77 - * @count: The maximum numbers of bytes to copy
    3.78 + * strlcat - Append a %NUL terminated string into a sized buffer
    3.79 + * @dest: Where to copy the string to
    3.80 + * @src: Where to copy the string from
    3.81 + * @size: size of destination buffer
    3.82   *
    3.83 - * Note that in contrast to strncpy, strncat ensures the result is
    3.84 - * terminated.
    3.85 + * Compatible with *BSD: the result is always a valid
    3.86 + * NUL-terminated string that fits in the buffer (unless,
    3.87 + * of course, the buffer size is zero).
    3.88   */
    3.89 -char * strncat(char *dest, const char *src, size_t count)
    3.90 +size_t strlcat(char *dest, const char *src, size_t size)
    3.91  {
    3.92 -	char *tmp = dest;
    3.93 +	size_t slen = strlen(src);
    3.94 +	size_t dlen = strnlen(dest, size);
    3.95 +	char *p = dest + dlen;
    3.96  
    3.97 -	if (count) {
    3.98 -		while (*dest)
    3.99 -			dest++;
   3.100 -		while ((*dest++ = *src++)) {
   3.101 -			if (--count == 0) {
   3.102 -				*dest = '\0';
   3.103 -				break;
   3.104 -			}
   3.105 -		}
   3.106 -	}
   3.107 +	while ((p - dest) < size)
   3.108 +		if ((*p++ = *src++) == '\0')
   3.109 +			break;
   3.110  
   3.111 -	return tmp;
   3.112 +	if (dlen < size)
   3.113 +		*(p-1) = '\0';
   3.114 +
   3.115 +	return slen + dlen;
   3.116  }
   3.117 +EXPORT_SYMBOL(strlcat);
   3.118  #endif
   3.119  
   3.120  #ifndef __HAVE_ARCH_STRCMP
     4.1 --- a/xen/include/xen/string.h	Mon Jan 29 15:01:33 2007 +0000
     4.2 +++ b/xen/include/xen/string.h	Mon Jan 29 16:04:43 2007 +0000
     4.3 @@ -19,20 +19,20 @@ extern __kernel_size_t strspn(const char
     4.4   */
     4.5  #include <asm/string.h>
     4.6  
     4.7 -#ifndef __HAVE_ARCH_STRCPY
     4.8 -extern char * strcpy(char *,const char *);
     4.9 -#endif
    4.10 -#ifndef __HAVE_ARCH_STRNCPY
    4.11 -extern char * strncpy(char *,const char *, __kernel_size_t);
    4.12 -#endif
    4.13 +/*
    4.14 + * These string functions are considered too dangerous for normal use.
    4.15 + * Use safe_strcpy(), safe_strcat(), strlcpy(), strlcat() as appropriate.
    4.16 + */
    4.17 +#define strcpy  __xen_has_no_strcpy__
    4.18 +#define strcat  __xen_has_no_strcat__
    4.19 +#define strncpy __xen_has_no_strncpy__
    4.20 +#define strncat __xen_has_no_strncat__
    4.21 +
    4.22  #ifndef __HAVE_ARCH_STRLCPY
    4.23  extern size_t strlcpy(char *,const char *, __kernel_size_t);
    4.24  #endif
    4.25 -#ifndef __HAVE_ARCH_STRCAT
    4.26 -extern char * strcat(char *, const char *);
    4.27 -#endif
    4.28 -#ifndef __HAVE_ARCH_STRNCAT
    4.29 -extern char * strncat(char *, const char *, __kernel_size_t);
    4.30 +#ifndef __HAVE_ARCH_STRLCAT
    4.31 +extern size_t strlcat(char *,const char *, __kernel_size_t);
    4.32  #endif
    4.33  #ifndef __HAVE_ARCH_STRCMP
    4.34  extern int strcmp(const char *,const char *);
    4.35 @@ -82,6 +82,8 @@ extern void * memchr(const void *,int,__
    4.36  }
    4.37  #endif
    4.38  
    4.39 -#define safe_strcpy(d, s) strlcpy(d, s, sizeof(d))
    4.40 +/* safe_xxx always NUL-terminates and returns !=0 if result is truncated. */
    4.41 +#define safe_strcpy(d, s) (strlcpy(d, s, sizeof(d)) >= sizeof(d))
    4.42 +#define safe_strcat(d, s) (strlcat(d, s, sizeof(d)) >= sizeof(d))
    4.43  
    4.44  #endif /* _LINUX_STRING_H_ */