[Opendnssec-develop] string handling
Jakob Schlyter
jakob at kirei.se
Tue Apr 7 18:06:14 UTC 2009
On 7 apr 2009, at 12.37, Rickard Bondeson wrote:
> Author: rb
> Date: 2009-04-07 12:37:14 +0200 (Tue, 07 Apr 2009)
> New Revision: 394
>
> Modified:
> trunk/softHSM/src/lib/SoftDatabase.cpp
> Log:
> We do not want to zero fill the token label.
>
>
> Modified: trunk/softHSM/src/lib/SoftDatabase.cpp
> ===================================================================
> --- trunk/softHSM/src/lib/SoftDatabase.cpp 2009-04-07 09:56:46 UTC
> (rev 393)
> +++ trunk/softHSM/src/lib/SoftDatabase.cpp 2009-04-07 10:37:14 UTC
> (rev 394)
> @@ -103,7 +103,12 @@
>
> if(sqlite3_step(select_sql) == SQLITE_ROW) {
> const char *tokenLabel = (const
> char*)sqlite3_column_text(select_sql, 0);
> - strncpy(retLabel, tokenLabel, 32);
> +
> + int counter = 0;
> + while(tokenLabel[counter] != '\0' && counter < 32) {
> + retLabel[counter] = tokenLabel[counter];
> + counter++;
> + }
> }
>
> sqlite3_finalize(select_sql);
>
I'd just like to make a more public note regarding string handling in
OpenDNSSEC; as long as possible we should should strlcpy(3) and
strlcat(3) instead of home-brewn similar functions. if we need to
support platforms that does not have those functions, we'll import
compat-version from OpenSSH.
also, while we're at this specific example. static lengths (as 32
above) should never be used - either #define them if a constant (like
the size of a token label) or better use sizeof() when possible. I'll
make a review of stuff like this, but it's better to get rid of them
before that
so Rickard, please fix the stuff above and use strlcpy(3) and #define
something like MAX_TOKEN_LABEL_LENGTH somewhere.
jakob, senior buffer and string management officer
More information about the Opendnssec-develop
mailing list