[#MXS-348] Incorrect use of strncat

[MXS-348] Incorrect use of strncat Created: 2015-09-02 Updated: 2016-08-12 Resolved: 2016-08-12
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	Core
Affects Version/s:	1.1.1, 1.2.0, 1.3.0, 1.4.0
Fix Version/s:	2.1.0

Type:

Bug

Priority:

Major

Reporter:

martin brampton (Inactive)

Assignee:

Johan Wikman

Resolution:

Fixed

Votes:

Labels:

None

Environment:

All

Issue Links:

Blocks
is blocked by	~~MXS-355~~	String handling	Closed

Sprint:

2016-12, 2016-13, 2016-15

Description

The function strncat is used 29 times at present, and appears to be subject to a widespread misunderstanding. The function does NOT limit the length of the result to the value of the final parameter. It limits the number of characters added to the value of the final parameter. So, a safe use of strncat would be:
strncat(str1, str2, sizeof(str1) - sizeof(str2) - 1);
I am not recommending that exact construction, simply giving it as an illustration of correct use of the size limit in strncat.

Comments

Comment by Johan Wikman [ 2015-09-05 ]

Significantly increased the original (originated from me) estimate. This cannot be done as a simple mechanical task, but the code must be carefully analysed before making modifications. This walks hand in hand with ~~MXS-253~~.

Comment by Johan Wikman [ 2015-09-07 ]

Lowering priority to minor.

Not using strncat the way it is supposed to be used is clearly a bug, but given that this usage has been in MaxScale from the start, it is not likely to start causing crashes now. The buffers are most likely big enough so that the potential problem does not manifest itself.

This is better handled as as part of the general refactoring to be done post 1.3.

Comment by Johan Wikman [ 2016-02-29 ]

Moving to 1.5.

Comment by Johan Wikman [ 2016-05-31 ]

Moving to 2.1.0. In many places strncat is used correctly and where it isn't, it does not seem to cause a problem.

However, even if strncat were technically correctly used, its use would still be questionable. The correct use of strncat will prevent a buffer overrun, but if the buffer is too small it seems that in most cases you'll end up with an unusable result. So, if it cannot be certain that there will be enough space, that should be checked explicitly and if there isn't an error should be generated. And if it is known there is enough space, there is no reason not to use strNcpy.

Comment by Johan Wikman [ 2016-08-12 ]

The strncat usage has been reviewed and corrected were necessary.

The remaining strncat usage appears correct, although is somewhat dubious.

Generated at Thu Feb 08 03:58:37 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-348] Incorrect use of strncat Created: 2015-09-02 Updated: 2016-08-12 Resolved: 2016-08-12