Skip to content

Commit 55c84a5

Browse files
keeskees
committed
fortify: strcat: Move definition to use fortified strlcat()
Move the definition of fortified strcat() to after strlcat() to use it for bounds checking. Signed-off-by: Kees Cook <keescook@chromium.org>
1 parent 605395c commit 55c84a5

File tree

1 file changed

+26
-27
lines changed

1 file changed

+26
-27
lines changed

include/linux/fortify-string.h

Lines changed: 26 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -151,33 +151,6 @@ char *strncpy(char * const POS p, const char *q, __kernel_size_t size)
151151
return __underlying_strncpy(p, q, size);
152152
}
153153

154-
/**
155-
* strcat - Append a string to an existing string
156-
*
157-
* @p: pointer to NUL-terminated string to append to
158-
* @q: pointer to NUL-terminated source string to append from
159-
*
160-
* Do not use this function. While FORTIFY_SOURCE tries to avoid
161-
* read and write overflows, this is only possible when the
162-
* destination buffer size is known to the compiler. Prefer
163-
* building the string with formatting, via scnprintf() or similar.
164-
* At the very least, use strncat().
165-
*
166-
* Returns @p.
167-
*
168-
*/
169-
__FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2)
170-
char *strcat(char * const POS p, const char *q)
171-
{
172-
const size_t p_size = __member_size(p);
173-
174-
if (p_size == SIZE_MAX)
175-
return __underlying_strcat(p, q);
176-
if (strlcat(p, q, p_size) >= p_size)
177-
fortify_panic(__func__);
178-
return p;
179-
}
180-
181154
extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
182155
/**
183156
* strnlen - Return bounded count of characters in a NUL-terminated string
@@ -435,6 +408,32 @@ size_t strlcat(char * const POS p, const char * const POS q, size_t avail)
435408
return wanted;
436409
}
437410

411+
/* Defined after fortified strlcat() to reuse it. */
412+
/**
413+
* strcat - Append a string to an existing string
414+
*
415+
* @p: pointer to NUL-terminated string to append to
416+
* @q: pointer to NUL-terminated source string to append from
417+
*
418+
* Do not use this function. While FORTIFY_SOURCE tries to avoid
419+
* read and write overflows, this is only possible when the
420+
* destination buffer size is known to the compiler. Prefer
421+
* building the string with formatting, via scnprintf() or similar.
422+
* At the very least, use strncat().
423+
*
424+
* Returns @p.
425+
*
426+
*/
427+
__FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2)
428+
char *strcat(char * const POS p, const char *q)
429+
{
430+
const size_t p_size = __member_size(p);
431+
432+
if (strlcat(p, q, p_size) >= p_size)
433+
fortify_panic(__func__);
434+
return p;
435+
}
436+
438437
/**
439438
* strncat - Append a string to an existing string
440439
*

0 commit comments

Comments
 (0)