From db3de444320033c08adb38f1f60899a1f9347f56 Mon Sep 17 00:00:00 2001
From: Pietro Gagliardi
Date: Sun, 9 Jun 2019 14:06:16 -0400
Subject: [PATCH] Collapsed the strsafe*_impl files. strdup_impl is still a mess, but to fix that we'll need to both clean up the static nonsense and other stuff in testingpriv.c.
---
 sharedbits/strsafe_impl.h | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 sharedbits/strsafe_strncpy_impl.h | 50 -------------------------------
 2 files changed, 44 insertions(+), 52 deletions(-)
 delete mode 100644 sharedbits/strsafe_strncpy_impl.h
diff --git a/sharedbits/strsafe_impl.h b/sharedbits/strsafe_impl.h
index 70f5ebd0..d2b11693 100644
--- a/sharedbits/strsafe_impl.h
+++ b/sharedbits/strsafe_impl.h
@@ -24,6 +24,48 @@ int sharedbitsPrefixName(Vsnprintf)(char *s, size_t n, const char *fmt, va_list
 #endif
 }
 
-#include "end.h"
+#ifdef _WIN32
+#ifdef sharedbitsInternalError
+#define sharedbitsprivInternalError sharedbitsInternalError
+#else
+#define sharedbitsprivInternalError sharedbitsPrefixName(InternalError)
+#include "printfwarn_header.h"
+#ifdef sharedbitsStatic
+sharedbitsStatic
+#else
+extern
+#endif
+sharedbitsPrintfFunc(
+ void sharedbitsprivInternalError(const char *fmt, ...),
+ 1, 2);
+#endif
+#endif
 
-#include "strsafe_strncpy_impl.h"
+#ifdef sharedbitsStatic
+sharedbitsStatic
+#endif
+char *sharedbitsPrefixName(Strncpy)(char *dest, const char *src, size_t n)
+{
+#ifdef _WIN32
+ errno_t err;
+
+ // because strncpy_s() doesn't do this
+ memset(dest, '\0', n * sizeof (char));
+ err = strncpy_s(dest, n, src, _TRUNCATE);
+ if (err != 0 && err != STRUNCATE)
+ // Yes folks, apparently strerror() is unsafe (it's not reentrant, but that's not the point of the MSVC security functions; that's about buffer overflows, and as you'll soon see there really is no need for what the "safe' version is given reentrancy concerns), and not only that, but the replacement, strerror_s(), requires copying and allocation! it's almost like they were TRYING to shove as many error conditions as possible in!
+ // Oh, and you can't just use _sys_errlist[] to bypass this, because even that has a deprecation warning, telling you to use strerror() instead, which in turn sends you back to strerror_s()!
+ // Of course, the fact _sys_errlist[] is a thing and that it's deprecated out of security and not reentrancy shows that the error strings returned by strerror()/strerror_s() are static and unchanging throughout the lifetime of the program, so a truly reentrant strerror_s() would just return the raw const string array directly, or a placeholder like "unknown error" otherwise, but that would be too easy!
+ // And even better, there's no way to get the length of the error message, so you can't even dynamically allocate a large enough buffer if you wanted to!
+ // (Furthermore, cppreference.com says there's strerrorlen_s(), but a) fuck C11, and b) MSDN does not concur.)
+ // So, alas, you'll have to live with just having the error code; sorry.
+ sharedbitsprivInternalError("error calling strncpy_s(): %d", err);
+ return dest;
+#else
+ return strncpy(dest, src, n);
+#endif
+}
+
+#undef sharedbitsprivInternalError
+
+#include "end.h"
diff --git a/sharedbits/strsafe_strncpy_impl.h b/sharedbits/strsafe_strncpy_impl.h
deleted file mode 100644
index 2c49a9af..00000000
--- a/sharedbits/strsafe_strncpy_impl.h
+++ /dev/null
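Review bot: The two branches of `Strncpy` give callers different termination guarantees: with `_TRUNCATE`, `strncpy_s()` always writes a terminator and keeps at most n-1 characters, while the `#else` branch's `strncpy(dest, src, n)` leaves `dest` unterminated whenever `src` holds n or more characters. Code that comes to rely on the Windows behaviour would then read past the buffer on other platforms, so either state the weaker contract in a comment above the function or terminate in the `#else` branch too: `strncpy(dest, src, n); if (n != 0) dest[n - 1] = '\0'; return dest;`. On the Windows side, `n == 0` or a null pointer is routed to the CRT invalid-parameter handler before `err` is inspected, so an early `if (n == 0) return dest;` may be wanted if callers can pass an empty buffer; no callers are visible in this patch. The unbraced `if (err != 0 && err != STRUNCATE)` is separated from its single statement by six comment lines and would be safer with braces.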
@@ -1,50 +0,0 @@
-// 31 may 2019
-// only requires strsafe_header.h if you don't define sharedbitsStatic as static
-
-#include "start.h"
-
-#ifdef _WIN32
-#ifdef sharedbitsInternalError
-#define sharedbitsprivInternalError sharedbitsInternalError
-#else
-#define sharedbitsprivInternalError sharedbitsPrefixName(InternalError)
-#include "printfwarn_header.h"
-#ifdef sharedbitsStatic
-sharedbitsStatic
-#else
-extern
-#endif
-sharedbitsPrintfFunc(
- void sharedbitsprivInternalError(const char *fmt, ...),
- 1, 2);
-#endif
-#endif
-
-#ifdef sharedbitsStatic
-sharedbitsStatic
-#endif
-char *sharedbitsPrefixName(Strncpy)(char *dest, const char *src, size_t n)
-{
-#ifdef _WIN32
- errno_t err;
-
- // because strncpy_s() doesn't do this
- memset(dest, '\0', n * sizeof (char));
- err = strncpy_s(dest, n, src, _TRUNCATE);
- if (err != 0 && err != STRUNCATE)
- // Yes folks, apparently strerror() is unsafe (it's not reentrant, but that's not the point of the MSVC security functions; that's about buffer overflows, and as you'll soon see there really is no need for what the "safe' version is given reentrancy concerns), and not only that, but the replacement, strerror_s(), requires copying and allocation! it's almost like they were TRYING to shove as many error conditions as possible in!
- // Oh, and you can't just use _sys_errlist[] to bypass this, because even that has a deprecation warning, telling you to use strerror() instead, which in turn sends you back to strerror_s()!
- // Of course, the fact _sys_errlist[] is a thing and that it's deprecated out of security and not reentrancy shows that the error strings returned by strerror()/strerror_s() are static and unchanging throughout the lifetime of the program, so a truly reentrant strerror_s() would just return the raw const string array directly, or a placeholder like "unknown error" otherwise, but that would be too easy!
- // And even better, there's no way to get the length of the error message, so you can't even dynamically allocate a large enough buffer if you wanted to!
- // (Furthermore, cppreference.com says there's strerrorlen_s(), but a) fuck C11, and b) MSDN does not concur.)
- // So, alas, you'll have to live with just having the error code; sorry.
- sharedbitsprivInternalError("error calling strncpy_s(): %d", err);
- return dest;
-#else
- return strncpy(dest, src, n);
-#endif
-}
-
-#undef sharedbitsprivInternalError
-
-#include "end.h"