lib/string: Fix strcpy and strcpy_isr implementation

Current version of the strncpy and strncpy_isr pads with 0 remaining n-1 bytes after copying src string so strcpy shouldn't use strncpy with len = SIZE_MAX because this will cause buffer overflow. Signed-off-by: Oleksii Moisieiev <[email protected]> Reviewed-by: Michalis Pappas <[email protected]> Approved-by: Simon Kuenzer <[email protected]> GitHub-Closes: unikraft#1269
marcrittinghaus · Jan 23, 2024 · 4567716 · 4567716
1 parent 4769155
commit 4567716
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/isrlib/string.c b/lib/isrlib/string.c
@@ -171,7 +171,11 @@ char *strncpy_isr(char *dst, const char *src, size_t len)
 
 char *strcpy_isr(char *dst, const char *src)
 {
-	return strncpy_isr(dst, src, SIZE_MAX);
+	char *save = dst;
+
+	for (; (*dst = *src) != '\0'; ++src, ++dst)
+		;
+	return save;
 }
 
 int strncmp_isr(const char *str1, const char *str2, size_t len)

diff --git a/lib/nolibc/string.c b/lib/nolibc/string.c
@@ -171,7 +171,11 @@ char *strncpy(char *dst, const char *src, size_t len)
 
 char *strcpy(char *dst, const char *src)
 {
-	return strncpy(dst, src, SIZE_MAX);
+	char *save = dst;
+
+	for (; (*dst = *src) != '\0'; ++src, ++dst)
+		;
+	return save;
 }
 
 int strncmp(const char *str1, const char *str2, size_t len)