Caught pants down with strlcpy() vs strncpy() semantics

- rstrlcpy() calculates source string size regardless of length limit,
  but cpio fields are fixed length character arrays, not strings -> kaboom
- wondering if zero-terminating strncpy() variant might be more fit to our
  purposes than strlcpy()-clone

diff --git a/lib/cpio.c b/lib/cpio.c
index a4af575..92cdbc5 100644 (file)
--- a/lib/cpio.c
+++ b/lib/cpio.c
@@ -11,7 +11,6 @@
 
 #include <rpm/rpmio.h>
 #include <rpm/rpmlog.h>
-#include <rpm/rpmstring.h>
 
 #include "lib/cpio.h"
 #include "lib/fsm.h"
@@ -32,7 +31,8 @@ static int strntoul(const char *str,char **endptr, int base, size_t num)
     char buf[num+1], * end;
     unsigned long ret;
 
-    rstrlcpy(buf, str, num+1);
+    strncpy(buf, str, num);
+    buf[num] = '\0';
 
     ret = strtoul(buf, &end, base);
     if (*end != '\0')