fortify: strcat: Move definition to use fortified strlcat()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Move the definition of fortified strcat() to after strlcat() to use it
for bounds checking.

Signed-off-by: Kees Cook <keescook@chromium.org>

Kees Cook 2 years ago 55c84a5c 605395cd

+26 -27

1 changed file

expand all

include

linux

fortify-string.h

+26 -27

include/linux/fortify-string.h

··· 151 151 return __underlying_strncpy(p, q, size); 152 152 } 153 153 154 - /** 155 - * strcat - Append a string to an existing string 156 - * 157 - * @p: pointer to NUL-terminated string to append to 158 - * @q: pointer to NUL-terminated source string to append from 159 - * 160 - * Do not use this function. While FORTIFY_SOURCE tries to avoid 161 - * read and write overflows, this is only possible when the 162 - * destination buffer size is known to the compiler. Prefer 163 - * building the string with formatting, via scnprintf() or similar. 164 - * At the very least, use strncat(). 165 - * 166 - * Returns @p. 167 - * 168 - */ 169 - __FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2) 170 - char *strcat(char * const POS p, const char *q) 171 - { 172 - const size_t p_size = __member_size(p); 173 - 174 - if (p_size == SIZE_MAX) 175 - return __underlying_strcat(p, q); 176 - if (strlcat(p, q, p_size) >= p_size) 177 - fortify_panic(__func__); 178 - return p; 179 - } 180 - 181 154 extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); 182 155 /** 183 156 * strnlen - Return bounded count of characters in a NUL-terminated string ··· 406 433 p[actual] = '\0'; 407 434 408 435 return wanted; 436 + } 437 + 438 + /* Defined after fortified strlcat() to reuse it. */ 439 + /** 440 + * strcat - Append a string to an existing string 441 + * 442 + * @p: pointer to NUL-terminated string to append to 443 + * @q: pointer to NUL-terminated source string to append from 444 + * 445 + * Do not use this function. While FORTIFY_SOURCE tries to avoid 446 + * read and write overflows, this is only possible when the 447 + * destination buffer size is known to the compiler. Prefer 448 + * building the string with formatting, via scnprintf() or similar. 449 + * At the very least, use strncat(). 450 + * 451 + * Returns @p. 452 + * 453 + */ 454 + __FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2) 455 + char *strcat(char * const POS p, const char *q) 456 + { 457 + const size_t p_size = __member_size(p); 458 + 459 + if (strlcat(p, q, p_size) >= p_size) 460 + fortify_panic(__func__); 461 + return p; 409 462 } 410 463 411 464 /**