JosiahWI closed 1 week ago
This fix is incorrect and introduces a buffer overflow vulnerability because strlcpy returns the total length of the source string, not the destination string.
Should be good now.
Both GCC and Clang seem to be very good at evaluating strlen for string constants at runtime: https://godbolt.org/z/fqnd5Pb4n . So, we should change TextView and remove the complicated attempts to avoid calling strlen.
The template overload for C string literals doesn't seem to work anyway: https://godbolt.org/z/5cTWxYq9v
Fixes #11449.
This adds an overload of RecGetRecordString that takes an out-parameter for the size of the content copied into the out buffer. It updates RecHTTPLoadIpAddrsFromConfVars to use this parameter to get the buffer size to use when initializing the TextView for parsing, so that we only parse the actual content and ignore the uninitialized part of the buffer.

This passes the length of the value read to the TextView constructor so that it only parses the actual content and ignores the uninitialized part of the buffer.
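The length problem raised in the review above, as an added example that is not code from this pull request: a strlcpy-style return value is the source length, so it has to be clamped before it is used as the size of the view that gets parsed. `demo_strlcpy`, `copy_value` and `value_view` are hypothetical names, `std::string_view` stands in for TextView, and the sample values are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string_view>

// Stand-in with strlcpy semantics (assumption: not the project's function).
// Copies at most size-1 bytes, NUL-terminates, returns strlen(src).
static std::size_t demo_strlcpy(char *dst, const char *src, std::size_t size)
{
  std::size_t src_len = std::strlen(src);
  if (size > 0) {
    std::size_t n = std::min(src_len, size - 1);
    std::memcpy(dst, src, n);
    dst[n] = '\0';
  }
  return src_len; // length of the SOURCE, which may exceed the buffer
}

// Hypothetical helper: copy a value and return the number of bytes that are
// actually valid in dst. The raw return value is only used to detect truncation.
static std::size_t copy_value(char *dst, std::size_t size, const char *src, bool *truncated)
{
  std::size_t wanted = demo_strlcpy(dst, src, size);
  *truncated = (size == 0 || wanted >= size);
  return size == 0 ? 0 : std::min(wanted, size - 1);
}

// View over the initialized part of the buffer only.
static std::string_view value_view(const char *buf, std::size_t copied)
{
  return std::string_view(buf, copied);
}

int main()
{
  char buf[8];
  bool truncated = false;
  const char *src = "10.0.0.0/8,192.168.0.0/16"; // constructed sample value
  std::size_t raw = demo_strlcpy(buf, src, sizeof(buf));
  std::size_t n   = copy_value(buf, sizeof(buf), src, &truncated);
  std::string_view v = value_view(buf, n);
  std::printf("raw=%zu buffer=%zu safe=%zu truncated=%d view=%.*s\n",
              raw, sizeof(buf), n, truncated, static_cast<int>(v.size()), v.data());
  return 0;
}
```

A caller that sees `truncated` set should treat the value as incomplete rather than parse the partial content.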