[master] cleanup strcat/strcpy

4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of strlcpy() and strlcat() for safety. [RT #45981]

[master] cleanup strcat/strcpy
4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of strlcpy() and strlcat() for safety. [RT #45981]
114f9508 · Evan Hunt · 20502f35 · 114f9508 · 114f9508 · 114f9508
Commit 114f9508 authored Sep 13, 2017 by Evan Hunt
--- a/CHANGES
+++ b/CHANGES
+4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
+			strlcpy() and strlcat() for safety. [RT #45981]
+
 4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
 			options now apply to CDNSKEY and DS records as well
 			as DNSKEY. Thanks to Tony Finch. [RT #45689]

--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -209,8 +209,9 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -398,8 +399,9 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -483,8 +485,9 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);

--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -2074,7 +2074,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		lookup->trace_root = ISC_TF(lookup->trace ||
 					    lookup->ns_search_only);
 		lookup->new_search = ISC_TRUE;
-		strcpy(lookup->textname, ".");
+		strlcpy(lookup->textname, ".", sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ns;
 		lookup->rdtypeset = ISC_TRUE;
 		if (firstarg) {

--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1743,7 +1743,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
 				       namestr, isc_result_totext(lresult));
 				if (addresses_result == ISC_R_SUCCESS) {
 					addresses_result = lresult;
-					strcpy(bad_namestr, namestr);
+					strlcpy(bad_namestr, namestr,
+						sizeof(bad_namestr));
 				}
 			}
 			numLookups += num;
@@ -3925,7 +3926,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		if (resultp == NULL)
 			fatal("couldn't get address for '%s': %s",
 			      host, isc_result_totext(result));
-		return 0;
+		return (0);
 	}

 	for (i = 0; i < count; i++) {
@@ -3935,7 +3936,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		ISC_LIST_APPEND(lookup->my_server_list, srv, link);
 	}

-	return count;
+	return (count);
 }

 /*%
@@ -4170,7 +4171,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org,
 	 */
 	if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
 		return (ISC_R_SUCCESS);
-	strcpy(tmp1, tmp2);
+	strlcpy(tmp1, tmp2, MAXDLEN);

 	/*
 	 * Copy the converted contents in 'tmp1' back to 'buffer'.
@@ -4197,17 +4198,17 @@ append_textname(char *name, const char *origin, size_t namesize) {

 	/* Already absolute? */
 	if (namelen > 0 && name[namelen - 1] == '.')
-		return idn_success;
+		return (idn_success);

 	/* Append dot and origin */

 	if (namelen + 1 + originlen >= namesize)
-		return idn_buffer_overflow;
+		return (idn_buffer_overflow);

 	if (*origin != '.')
 		name[namelen++] = '.';
-	(void)strcpy(name + namelen, origin);
-	return idn_success;
+	(void)strlcpy(name + namelen, origin, namesize - namelen);
+	return (idn_success);
 }

 static void

--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -2816,8 +2816,8 @@ writeset(const char *prefix, dns_rdatatype_t type) {
 		sprintf(filename, "%s/", dsdir);
 	else
 		filename[0] = 0;
-	strcat(filename, prefix);
-	strcat(filename, namestr);
+	strlcat(filename, prefix, filenamelen);
+	strlcat(filename, namestr, filenamelen);

 	dns_diff_init(mctx, &diff);


--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1258,11 +1258,11 @@ named_main_setmemstats(const char *filename) {
 		free(memstats);
 		memstats = NULL;
 	}
+
 	if (filename == NULL)
 		return;
-	memstats = malloc(strlen(filename) + 1);
-	if (memstats)
-		strcpy(memstats, filename);
+
+	memstats = strdup(filename);
 }

 #ifdef HAVE_LIBSCF

--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1821,7 +1821,8 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
 			(s6[prefixlen/8] >> 4) & 0xf);
 		cp += 4;
 	}
-	strcat(cp, "ip6.arpa.");
+
+	strlcat(reverse, "ip6.arpa.", sizeof(reverse));

 	/*
 	 * Create the actual zone.
@@ -12088,7 +12089,7 @@ migrate_nzf(dns_view_t *view) {
 	 */
 	strlcpy(tempname, view->new_zone_file, sizeof(tempname));
 	if (strlen(tempname) < sizeof(tempname) - 1) {
-		strcat(tempname, "~");
+		strlcat(tempname, "~", sizeof(tempname));
 		isc_file_rename(view->new_zone_file, tempname);
 	}


--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1061,7 +1061,7 @@ getuname(void) {

 	memset(&uts, 0, sizeof(uts));
 	if (uname(&uts) < 0) {
-		strcpy(unamebuf, "unknown architecture");
+		snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 		return;
 	}

@@ -1069,7 +1069,7 @@ getuname(void) {
 		 "%s %s %s %s",
 		 uts.sysname, uts.machine, uts.release, uts.version);
 #else
-	strcpy(unamebuf, "unknown architecture");
+	snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 #endif
 	unamep = unamebuf;
 }

--- a/bin/tests/db_test.c
+++ b/bin/tests/db_test.c
@@ -374,9 +374,7 @@ main(int argc, char *argv[]) {
 	RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) ==
 		      ISC_R_SUCCESS);

-
-
-	strcpy(dbtype, "rbt");
+	snprintf(dbtype, sizeof(dbtype), "rbt");
 	while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT"))
 	       != -1) {
 		switch (ch) {

--- a/bin/tests/hash_test.c
+++ b/bin/tests/hash_test.c
@@ -108,7 +108,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacmd5", digest, 4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacmd5_init(&hmacmd5, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
@@ -140,7 +140,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha1_init(&hmacsha1, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
@@ -171,7 +171,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha224_init(&hmacsha224, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
@@ -202,7 +202,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha256_init(&hmacsha256, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
@@ -233,7 +233,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha384_init(&hmacsha384, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
@@ -264,7 +264,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha512_init(&hmacsha512, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));

--- a/bin/tests/shutdown_test.c
+++ b/bin/tests/shutdown_test.c
@@ -136,9 +136,10 @@ new_task(isc_mem_t *mctx, const char *name) {
 	ti->ticks = 0;
 	if (name != NULL) {
 		INSIST(strlen(name) < sizeof(ti->name));
-		strcpy(ti->name, name);
-	} else
-		sprintf(ti->name, "%d", task_count);
+		strlcpy(ti->name, name, sizeof(ti->name));
+	} else {
+		snprintf(ti->name, sizeof(ti->name), "%d", task_count);
+	}
 	RUNTIME_CHECK(isc_task_create(task_manager, 0, &ti->task) ==
 		      ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_task_onshutdown(ti->task, shutdown_action, ti) ==

--- a/bin/tests/sock_test.c
+++ b/bin/tests/sock_test.c
@@ -173,14 +173,16 @@ my_connect(isc_task_t *task, isc_event_t *event) {
 	 * Send a GET string, and set up to receive (and just display)
 	 * the result.
 	 */
-	strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
-	       "Connection: Close\r\n\r\n");
+	snprintf(buf, sizeof(buf),
+		 "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
+		 "Connection: Close\r\n\r\n");
 	region.base = isc_mem_get(mctx, strlen(buf) + 1);
 	if (region.base != NULL) {
 		region.length = strlen(buf) + 1;
 		strcpy((char *)region.base, buf);  /* This strcpy is safe. */
-	} else
+	} else {
 		region.length = 0;
+	}

 	isc_socket_send(sock, &region, task, my_http_get, event->ev_arg);


--- a/bin/tests/system/dlzexternal/driver.c
+++ b/bin/tests/system/dlzexternal/driver.c
@@ -231,6 +231,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	char soa_data[1024];
 	const char *extra;
 	isc_result_t result;
+	size_t znsize;
 	int n;

 	UNUSED(dlzname);
@@ -255,15 +256,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	}

 	/* Ensure zone name is absolute */
-	state->zone_name = malloc(strlen(argv[1]) + 2);
+	znsize = strlen(argv[1]) + 2;
+	state->zone_name = malloc(znsize);
 	if (state->zone_name == NULL) {
 		free(state);
 		return (ISC_R_NOMEMORY);
 	}
-	if (argv[1][strlen(argv[1]) - 1] == '.')
-		strcpy(state->zone_name, argv[1]);
-	else
-		sprintf(state->zone_name, "%s.", argv[1]);
+	if (argv[1][strlen(argv[1]) - 1] == '.') {
+		strlcpy(state->zone_name, argv[1], znsize);
+	} else {
+		snprintf(state->zone_name, znsize, "%s.", argv[1]);
+	}

 	if (strcmp(state->zone_name, ".") == 0)
 		extra = ".root";
@@ -326,7 +329,7 @@ dlz_findzonedb(void *dbdata, const char *name,
 	char addrbuf[100];
 	char absolute[1024];

-	strcpy(addrbuf, "unknown");
+	strlcpy(addrbuf, "unknown", sizeof(addrbuf));
 	if (methods != NULL &&
 	    methods->sourceip != NULL &&
 	    methods->version - methods->age <= DNS_CLIENTINFOMETHODS_VERSION &&
@@ -455,7 +458,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
 	}

 	if (strcmp(name, "source-addr") == 0) {
-		strcpy(buf, "unknown");
+		strlcpy(buf, "unknown", sizeof(buf));
 		if (methods != NULL &&
 		    methods->sourceip != NULL &&
 		    (methods->version - methods->age <=

--- a/lib/bind9/getaddresses.c
+++ b/lib/bind9/getaddresses.c
@@ -6,8 +6,6 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

-/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
-
 /*! \file */

 #include <config.h>
@@ -19,6 +17,7 @@
 #include <isc/netscope.h>
 #include <isc/result.h>
 #include <isc/sockaddr.h>
+#include <isc/string.h>
 #include <isc/util.h>

 #include <bind9/getaddresses.h>
@@ -81,7 +80,7 @@ bind9_getaddresses(const char *hostname, in_port_t port,
 		char tmpbuf[128], *d;
 		isc_uint32_t zone = 0;

-		strcpy(tmpbuf, hostname);
+		strlcpy(tmpbuf, hostname, sizeof(tmpbuf));
 		d = strchr(tmpbuf, '%');
 		if (d != NULL)
 			*d = '\0';

--- a/lib/dns/byaddr.c
+++ b/lib/dns/byaddr.c
@@ -80,6 +80,8 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options,
 			       (bytes[1] & 0xff),
 			       (bytes[0] & 0xff));
 	} else if (address->family == AF_INET6) {
+		size_t remaining;
+
 		cp = textname;
 		for (i = 15; i >= 0; i--) {
 			*cp++ = hex_digits[bytes[i] & 0x0f];
@@ -87,10 +89,12 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options,
 			*cp++ = hex_digits[(bytes[i] >> 4) & 0x0f];
 			*cp++ = '.';
 		}
-		if ((options & DNS_BYADDROPT_IPV6INT) != 0)
-			strcpy(cp, "ip6.int.");
-		else
-			strcpy(cp, "ip6.arpa.");
+		remaining = sizeof(textname) - (cp - textname);
+		if ((options & DNS_BYADDROPT_IPV6INT) != 0) {
+			strlcpy(cp, "ip6.int.", remaining);
+		} else {
+			strlcpy(cp, "ip6.arpa.", remaining);
+		}
 	} else
 		return (ISC_R_NOTIMPLEMENTED);


--- a/lib/dns/dnsrps.c
+++ b/lib/dns/dnsrps.c
@@ -955,7 +955,9 @@ static dns_dbmethods_t rpsdb_db_methods = {
 	NULL,			/* setcachestats */
 	NULL,			/* hashsize */
 	NULL,			/* nodefullname */
-	NULL			/* getsize */
+	NULL,			/* getsize */
+	NULL,			/* setservestalettl */
+	NULL,			/* getservestalettl */
 };

 static dns_rdatasetmethods_t rpsdb_rdataset_methods = {

--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -530,7 +530,7 @@ main(int argc, char **argv) {
 	for (i = 0; i < TYPENAMES; i++)
 		memset(&typenames[i], 0, sizeof(typenames[i]));

-	strcpy(srcdir, "");
+	srcdir[0] = '\0';
 	while ((c = isc_commandline_parse(argc, argv, "cdits:F:P:S:")) != -1)
 		switch (c) {
 		case 'c':
@@ -620,12 +620,15 @@ main(int argc, char **argv) {
 			n = snprintf(year, sizeof(year), "-%d",
 				     tm->tm_year + 1900);
 			INSIST(n > 0 && (unsigned)n < sizeof(year));
-		} else
-			strcpy(year, "-2016");
-	} else
-		strcpy(year, "-2016");
+		} else {
+			snprintf(year, sizeof(year), "-2016");
+		}
+	} else {
+		snprintf(year, sizeof(year), "-2016");
+	}

-	if (!depend) fprintf(stdout, copyright, year);
+	if (!depend)
+		fprintf(stdout, copyright, year);

 	if (code) {
 		fputs("#ifndef DNS_CODE_H\n", stdout);

--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -724,7 +724,7 @@ genname(char *name, int it, char *buffer, size_t length) {
 				continue;
 			}
 			nibblemode = ISC_FALSE;
-			strcpy(fmt, "%d");
+			strlcpy(fmt, "%d", sizeof(fmt));
 			/* Get format specifier. */
 			if (*name == '{' ) {
 				n = sscanf(name, "{%d,%u,%1[doxXnN]}",

--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@@ -1659,7 +1659,7 @@ dns_name_tofilenametext(const dns_name_t *name, isc_boolean_t omit_final_dot,
 				} else {
 					if (trem < 3)
 						return (ISC_R_NOSPACE);
-					sprintf(tdata, "%%%02X", c);
+					snprintf(tdata, trem, "%%%02X", c);
 					tdata += 3;
 					trem -= 3;
 					ndata++;

--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -1241,7 +1241,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
 			dns_name_format(&rbtdb->common.origin, buf,
 					sizeof(buf));
 		else
-			strcpy(buf, "<UNKNOWN>");
+			strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 		isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 			      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 			      "done free_rbtdb(%s)", buf);
@@ -1367,7 +1367,7 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
 			} else {
-				strcpy(buf, "<UNKNOWN>");
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 			}
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
@@ -5509,7 +5509,7 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
 			else
-				strcpy(buf, "<UNKNOWN>");
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 				      "calling free_rbtdb(%s)", buf);