* [musl] Re: [PATCH] wcscat: Replace call of vulnerable function
[not found] <20240324172627.29640-1-maks.mishinFZ@gmail.com>
@ 2024-03-24 17:50 ` Rich Felker
0 siblings, 0 replies; only message in thread
From: Rich Felker @ 2024-03-24 17:50 UTC (permalink / raw)
To: Maks Mishin; +Cc: musl
On Sun, Mar 24, 2024 at 08:26:27PM +0300, Maks Mishin wrote:
> Use of vulnerable function 'wcscpy' at wcscat.c:5.
> This function is unsafe, use wcsncpy instead.
>
> Found by RASU JSC.
>
> Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> ---
> src/string/wcscat.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/string/wcscat.c b/src/string/wcscat.c
> index d4f00ebd..b4e4b2eb 100644
> --- a/src/string/wcscat.c
> +++ b/src/string/wcscat.c
> @@ -2,6 +2,6 @@
>
> wchar_t *wcscat(wchar_t *restrict dest, const wchar_t *restrict src)
> {
> - wcscpy(dest + wcslen(dest), src);
> + wcsncpy(dest + wcslen(dest), src, sizeof dest);
> return dest;
> }
> --
> 2.30.2
Wrong for same reason as the sprintf one.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-03-24 17:50 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20240324172627.29640-1-maks.mishinFZ@gmail.com>
2024-03-24 17:50 ` [musl] Re: [PATCH] wcscat: Replace call of vulnerable function Rich Felker
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).