replace: Don't run over dst in strlcat

If "d" is not 0-terminated, the pure strlen will read beyond the end
of the given bufsize. strlcat in libbsd deliberately avoids this, so we
should do the same.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index 37edb310c59ecde926eb0144e9c273df632aa5c9..effe5defe6c674f5feb1d1e2ff1336c47bad207a 100644 (file)
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -84,7 +84,7 @@ size_t rep_strlcpy(char *d, const char *s, size_t bufsize)
    be one more than the maximum resulting string length */
 size_t rep_strlcat(char *d, const char *s, size_t bufsize)
 {
-       size_t len1 = strlen(d);
+       size_t len1 = strnlen(d, bufsiz);
        size_t len2 = strlen(s);
        size_t ret = len1 + len2;