[master] cleanup strcat/strcpy

4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
			strlcpy() and strlcat() for safety. [RT #45981]

CHANGES

+4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
+			strlcpy() and strlcat() for safety. [RT #45981]
+
 4721.	[func]		'dnssec-signzone -x' and 'dnssec-dnskey-kskonly'
 			options now apply to CDNSKEY and DS records as well
 			as DNSKEY. Thanks to Tony Finch. [RT #45689]

bin/check/check-tool.c

@@ -209,8 +209,9 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -398,8 +399,9 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -483,8 +485,9 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);

bin/dig/dig.c

@@ -2074,7 +2074,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		lookup->trace_root = ISC_TF(lookup->trace ||
 					    lookup->ns_search_only);
 		lookup->new_search = ISC_TRUE;
-		strcpy(lookup->textname, ".");
+		strlcpy(lookup->textname, ".", sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ns;
 		lookup->rdtypeset = ISC_TRUE;
 		if (firstarg) {

bin/dig/dighost.c

@@ -1743,7 +1743,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
 				       namestr, isc_result_totext(lresult));
 				if (addresses_result == ISC_R_SUCCESS) {
 					addresses_result = lresult;
-					strcpy(bad_namestr, namestr);
+					strlcpy(bad_namestr, namestr,
+						sizeof(bad_namestr));
 				}
 			}
 			numLookups += num;
@@ -3925,7 +3926,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		if (resultp == NULL)
 			fatal("couldn't get address for '%s': %s",
 			      host, isc_result_totext(result));
-		return 0;
+		return (0);
 	}
 
 	for (i = 0; i < count; i++) {
@@ -3935,7 +3936,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		ISC_LIST_APPEND(lookup->my_server_list, srv, link);
 	}
 
-	return count;
+	return (count);
 }
 
 /*%
@@ -4170,7 +4171,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org,
 	 */
 	if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
 		return (ISC_R_SUCCESS);
-	strcpy(tmp1, tmp2);
+	strlcpy(tmp1, tmp2, MAXDLEN);
 
 	/*
 	 * Copy the converted contents in 'tmp1' back to 'buffer'.
@@ -4197,17 +4198,17 @@ append_textname(char *name, const char *origin, size_t namesize) {
 
 	/* Already absolute? */
 	if (namelen > 0 && name[namelen - 1] == '.')
-		return idn_success;
+		return (idn_success);
 
 	/* Append dot and origin */
 
 	if (namelen + 1 + originlen >= namesize)
-		return idn_buffer_overflow;
+		return (idn_buffer_overflow);
 
 	if (*origin != '.')
 		name[namelen++] = '.';
-	(void)strcpy(name + namelen, origin);
-	return idn_success;
+	(void)strlcpy(name + namelen, origin, namesize - namelen);
+	return (idn_success);
 }
 
 static void

bin/dnssec/dnssec-signzone.c

@@ -2816,8 +2816,8 @@ writeset(const char *prefix, dns_rdatatype_t type) {
 		sprintf(filename, "%s/", dsdir);
 	else
 		filename[0] = 0;
-	strcat(filename, prefix);
-	strcat(filename, namestr);
+	strlcat(filename, prefix, filenamelen);
+	strlcat(filename, namestr, filenamelen);
 
 	dns_diff_init(mctx, &diff);
 

bin/named/main.c

@@ -1258,11 +1258,11 @@ named_main_setmemstats(const char *filename) {
 		free(memstats);
 		memstats = NULL;
 	}
+
 	if (filename == NULL)
 		return;
-	memstats = malloc(strlen(filename) + 1);
-	if (memstats)
-		strcpy(memstats, filename);
+
+	memstats = strdup(filename);
 }
 
 #ifdef HAVE_LIBSCF

bin/named/server.c

@@ -1821,7 +1821,8 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
 			(s6[prefixlen/8] >> 4) & 0xf);
 		cp += 4;
 	}
-	strcat(cp, "ip6.arpa.");
+
+	strlcat(reverse, "ip6.arpa.", sizeof(reverse));
 
 	/*
 	 * Create the actual zone.
@@ -12088,7 +12089,7 @@ migrate_nzf(dns_view_t *view) {
 	 */
 	strlcpy(tempname, view->new_zone_file, sizeof(tempname));
 	if (strlen(tempname) < sizeof(tempname) - 1) {
-		strcat(tempname, "~");
+		strlcat(tempname, "~", sizeof(tempname));
 		isc_file_rename(view->new_zone_file, tempname);
 	}
 

bin/named/unix/os.c

@@ -1061,7 +1061,7 @@ getuname(void) {
 
 	memset(&uts, 0, sizeof(uts));
 	if (uname(&uts) < 0) {
-		strcpy(unamebuf, "unknown architecture");
+		snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 		return;
 	}
 
@@ -1069,7 +1069,7 @@ getuname(void) {
 		 "%s %s %s %s",
 		 uts.sysname, uts.machine, uts.release, uts.version);
 #else
-	strcpy(unamebuf, "unknown architecture");
+	snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 #endif
 	unamep = unamebuf;
 }

bin/tests/db_test.c

@@ -374,9 +374,7 @@ main(int argc, char *argv[]) {
 	RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) ==
 		      ISC_R_SUCCESS);
 
-
-
-	strcpy(dbtype, "rbt");
+	snprintf(dbtype, sizeof(dbtype), "rbt");
 	while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT"))
 	       != -1) {
 		switch (ch) {

bin/tests/hash_test.c

@@ -108,7 +108,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacmd5", digest, 4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacmd5_init(&hmacmd5, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
@@ -140,7 +140,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha1_init(&hmacsha1, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
@@ -171,7 +171,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha224_init(&hmacsha224, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
@@ -202,7 +202,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha256_init(&hmacsha256, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
@@ -233,7 +233,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha384_init(&hmacsha384, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
@@ -264,7 +264,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
 
 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha512_init(&hmacsha512, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));

bin/tests/shutdown_test.c

@@ -136,9 +136,10 @@ new_task(isc_mem_t *mctx, const char *name) {
 	ti->ticks = 0;
 	if (name != NULL) {
 		INSIST(strlen(name) < sizeof(ti->name));
-		strcpy(ti->name, name);
-	} else
-		sprintf(ti->name, "%d", task_count);
+		strlcpy(ti->name, name, sizeof(ti->name));
+	} else {
+		snprintf(ti->name, sizeof(ti->name), "%d", task_count);
+	}
 	RUNTIME_CHECK(isc_task_create(task_manager, 0, &ti->task) ==
 		      ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_task_onshutdown(ti->task, shutdown_action, ti) ==

bin/tests/sock_test.c

@@ -173,14 +173,16 @@ my_connect(isc_task_t *task, isc_event_t *event) {
 	 * Send a GET string, and set up to receive (and just display)
 	 * the result.
 	 */
-	strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
-	       "Connection: Close\r\n\r\n");
+	snprintf(buf, sizeof(buf),
+		 "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
+		 "Connection: Close\r\n\r\n");
 	region.base = isc_mem_get(mctx, strlen(buf) + 1);
 	if (region.base != NULL) {
 		region.length = strlen(buf) + 1;
 		strcpy((char *)region.base, buf);  /* This strcpy is safe. */
-	} else
+	} else {
 		region.length = 0;
+	}
 
 	isc_socket_send(sock, &region, task, my_http_get, event->ev_arg);
 

bin/tests/system/dlzexternal/driver.c

@@ -231,6 +231,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	char soa_data[1024];
 	const char *extra;
 	isc_result_t result;
+	size_t znsize;
 	int n;
 
 	UNUSED(dlzname);
@@ -255,15 +256,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	}
 
 	/* Ensure zone name is absolute */
-	state->zone_name = malloc(strlen(argv[1]) + 2);
+	znsize = strlen(argv[1]) + 2;
+	state->zone_name = malloc(znsize);
 	if (state->zone_name == NULL) {
 		free(state);
 		return (ISC_R_NOMEMORY);
 	}
-	if (argv[1][strlen(argv[1]) - 1] == '.')
-		strcpy(state->zone_name, argv[1]);
-	else
-		sprintf(state->zone_name, "%s.", argv[1]);
+	if (argv[1][strlen(argv[1]) - 1] == '.') {
+		strlcpy(state->zone_name, argv[1], znsize);
+	} else {
+		snprintf(state->zone_name, znsize, "%s.", argv[1]);
+	}
 
 	if (strcmp(state->zone_name, ".") == 0)
 		extra = ".root";
@@ -326,7 +329,7 @@ dlz_findzonedb(void *dbdata, const char *name,
 	char addrbuf[100];
 	char absolute[1024];
 
-	strcpy(addrbuf, "unknown");
+	strlcpy(addrbuf, "unknown", sizeof(addrbuf));
 	if (methods != NULL &&
 	    methods->sourceip != NULL &&
 	    methods->version - methods->age <= DNS_CLIENTINFOMETHODS_VERSION &&
@@ -455,7 +458,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
 	}
 
 	if (strcmp(name, "source-addr") == 0) {
-		strcpy(buf, "unknown");
+		strlcpy(buf, "unknown", sizeof(buf));
 		if (methods != NULL &&
 		    methods->sourceip != NULL &&
 		    (methods->version - methods->age <=

lib/bind9/getaddresses.c

@@ -6,8 +6,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 
-/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
-
 /*! \file */
 
 #include <config.h>
@@ -19,6 +17,7 @@
 #include <isc/netscope.h>
 #include <isc/result.h>
 #include <isc/sockaddr.h>
+#include <isc/string.h>
 #include <isc/util.h>
 
 #include <bind9/getaddresses.h>
@@ -81,7 +80,7 @@ bind9_getaddresses(const char *hostname, in_port_t port,
 		char tmpbuf[128], *d;
 		isc_uint32_t zone = 0;
 
-		strcpy(tmpbuf, hostname);
+		strlcpy(tmpbuf, hostname, sizeof(tmpbuf));
 		d = strchr(tmpbuf, '%');
 		if (d != NULL)
 			*d = '\0';

lib/dns/byaddr.c

@@ -80,6 +80,8 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options,
 			       (bytes[1] & 0xff),
 			       (bytes[0] & 0xff));
 	} else if (address->family == AF_INET6) {
+		size_t remaining;
+
 		cp = textname;
 		for (i = 15; i >= 0; i--) {
 			*cp++ = hex_digits[bytes[i] & 0x0f];
@@ -87,10 +89,12 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options,
 			*cp++ = hex_digits[(bytes[i] >> 4) & 0x0f];
 			*cp++ = '.';
 		}
-		if ((options & DNS_BYADDROPT_IPV6INT) != 0)
-			strcpy(cp, "ip6.int.");
-		else
-			strcpy(cp, "ip6.arpa.");
+		remaining = sizeof(textname) - (cp - textname);
+		if ((options & DNS_BYADDROPT_IPV6INT) != 0) {
+			strlcpy(cp, "ip6.int.", remaining);
+		} else {
+			strlcpy(cp, "ip6.arpa.", remaining);
+		}
 	} else
 		return (ISC_R_NOTIMPLEMENTED);
 

lib/dns/dnsrps.c

@@ -955,7 +955,9 @@ static dns_dbmethods_t rpsdb_db_methods = {
 	NULL,			/* setcachestats */
 	NULL,			/* hashsize */
 	NULL,			/* nodefullname */
-	NULL			/* getsize */
+	NULL,			/* getsize */
+	NULL,			/* setservestalettl */
+	NULL,			/* getservestalettl */
 };
 
 static dns_rdatasetmethods_t rpsdb_rdataset_methods = {

lib/dns/gen.c

@@ -530,7 +530,7 @@ main(int argc, char **argv) {
 	for (i = 0; i < TYPENAMES; i++)
 		memset(&typenames[i], 0, sizeof(typenames[i]));
 
-	strcpy(srcdir, "");
+	srcdir[0] = '\0';
 	while ((c = isc_commandline_parse(argc, argv, "cdits:F:P:S:")) != -1)
 		switch (c) {
 		case 'c':
@@ -620,12 +620,15 @@ main(int argc, char **argv) {
 			n = snprintf(year, sizeof(year), "-%d",
 				     tm->tm_year + 1900);
 			INSIST(n > 0 && (unsigned)n < sizeof(year));
-		} else
-			strcpy(year, "-2016");
-	} else
-		strcpy(year, "-2016");
+		} else {
+			snprintf(year, sizeof(year), "-2016");
+		}
+	} else {
+		snprintf(year, sizeof(year), "-2016");
+	}
 
-	if (!depend) fprintf(stdout, copyright, year);
+	if (!depend)
+		fprintf(stdout, copyright, year);
 
 	if (code) {
 		fputs("#ifndef DNS_CODE_H\n", stdout);

lib/dns/master.c

@@ -724,7 +724,7 @@ genname(char *name, int it, char *buffer, size_t length) {
 				continue;
 			}
 			nibblemode = ISC_FALSE;
-			strcpy(fmt, "%d");
+			strlcpy(fmt, "%d", sizeof(fmt));
 			/* Get format specifier. */
 			if (*name == '{' ) {
 				n = sscanf(name, "{%d,%u,%1[doxXnN]}",

lib/dns/name.c

@@ -1659,7 +1659,7 @@ dns_name_tofilenametext(const dns_name_t *name, isc_boolean_t omit_final_dot,
 				} else {
 					if (trem < 3)
 						return (ISC_R_NOSPACE);
-					sprintf(tdata, "%%%02X", c);
+					snprintf(tdata, trem, "%%%02X", c);
 					tdata += 3;
 					trem -= 3;
 					ndata++;

lib/dns/rbtdb.c

@@ -1241,7 +1241,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
 			dns_name_format(&rbtdb->common.origin, buf,
 					sizeof(buf));
 		else
-			strcpy(buf, "<UNKNOWN>");
+			strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 		isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 			      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 			      "done free_rbtdb(%s)", buf);
@@ -1367,7 +1367,7 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
 			} else {
-				strcpy(buf, "<UNKNOWN>");
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 			}
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
@@ -5509,7 +5509,7 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
 			else
-				strcpy(buf, "<UNKNOWN>");
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 				      "calling free_rbtdb(%s)", buf);

lib/dns/resolver.c

@@ -4498,8 +4498,8 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
 	 */
 	dns_name_format(name, buf, sizeof(buf));
 	dns_rdatatype_format(type, typebuf, sizeof(typebuf));
-	strcat(buf, "/");       /* checked */
-	strcat(buf, typebuf);   /* checked */
+	strlcat(buf, "/", sizeof(buf));
+	strlcat(buf, typebuf, sizeof(buf));
 	fctx->info = isc_mem_strdup(mctx, buf);
 	if (fctx->info == NULL) {
 		result = ISC_R_NOMEMORY;

lib/dns/tests/geoip_test.c

@@ -140,7 +140,7 @@ do_lookup_string(const char *addr, isc_uint8_t *scope,
 	isc_netaddr_fromin(&na, &in4);
 
 	elt.subtype = subtype;
-	strcpy(elt.as_string, string);
+	strlcpy(elt.as_string, string, sizeof(elt.as_string));
 
 	return (dns_geoip_match(&na, scope, &geoip, &elt));
 }
@@ -157,7 +157,7 @@ do_lookup_string_v6(const char *addr, isc_uint8_t *scope,
 	isc_netaddr_fromin6(&na, &in6);
 
 	elt.subtype = subtype;
-	strcpy(elt.as_string, string);
+	strlcpy(elt.as_string, string, sizeof(elt.as_string));
 
 	return (dns_geoip_match(&na, scope, &geoip, &elt));
 }

lib/dns/tests/gost_test.c

@@ -66,16 +66,16 @@ tohexstr(unsigned char *d, unsigned int len, char *out);
 
 isc_result_t
 tohexstr(unsigned char *d, unsigned int len, char *out) {
-
-	out[0]='\0';
 	char c_ret[] = "AA";
 	unsigned int j;
-	strcat(out, "0x");
+	int size = len * 2 + 1;
+
+	out[0] = '\0';
+	strlcat(out, "0x", size);
 	for (j = 0; j < len; j++) {
-		sprintf(c_ret, "%02X", d[j]);
-		strcat(out, c_ret);
+		snprintf(c_ret, sizeof(c_ret), "%02X", d[j]);
+		strlcat(out, c_ret, size);
 	}
-	strcat(out, "\0");
 	return (ISC_R_SUCCESS);
 }
 

lib/dns/tests/master_test.c

@@ -82,7 +82,7 @@ setup_master(void (*warn)(struct dns_rdatacallbacks *, const char *, ...),
 	isc_buffer_t		source;
 	isc_buffer_t		target;
 
-	strcpy(origin, TEST_ORIGIN);
+	strlcpy(origin, TEST_ORIGIN, sizeof(origin));
 	len = strlen(origin);
 	isc_buffer_init(&source, origin, len);
 	isc_buffer_add(&source, len);
@@ -552,7 +552,7 @@ ATF_TC_BODY(dumpraw, tc) {
 
 	UNUSED(tc);
 
-	strcpy(myorigin, TEST_ORIGIN);
+	strlcpy(myorigin, TEST_ORIGIN, sizeof(myorigin));
 	len = strlen(myorigin);
 	isc_buffer_init(&source, myorigin, len);
 	isc_buffer_add(&source, len);

lib/dns/tsig.c

@@ -154,28 +154,31 @@ tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) {
 
 	if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE)
 		return;
-	if (key != NULL)
+	if (key != NULL) {
 		dns_name_format(&key->name, namestr, sizeof(namestr));
-	else
-		strcpy(namestr, "<null>");
+	} else {
+		strlcpy(namestr, "<null>", sizeof(namestr));
+	}
 
-	if (key != NULL && key->generated && key->creator)
+	if (key != NULL && key->generated && key->creator) {
 		dns_name_format(key->creator, creatorstr, sizeof(creatorstr));
-	else
-		strcpy(creatorstr, "<null>");
+	} else {
+		strlcpy(creatorstr, "<null>", sizeof(creatorstr));
+	}
 
 	va_start(ap, fmt);
 	vsnprintf(message, sizeof(message), fmt, ap);
 	va_end(ap);
-	if (key != NULL && key->generated)
+	if (key != NULL && key->generated) {
 		isc_log_write(dns_lctx,
 			      DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG,
 			      level, "tsig key '%s' (%s): %s",
 			      namestr, creatorstr, message);
-	else
+	} else {
 		isc_log_write(dns_lctx,
 			      DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG,
 			      level, "tsig key '%s': %s", namestr, message);
+	}
 }
 
 static void

lib/dns/xfrin.c

@@ -1021,8 +1021,9 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
 	result = isc_socket_getsockname(xfr->socket, &sockaddr);
 	if (result == ISC_R_SUCCESS) {
 		isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext));
-	} else
-		strcpy(sourcetext, "<UNKNOWN>");
+	} else {
+		strlcpy(sourcetext, "<UNKNOWN>", sizeof(sourcetext));
+	}
 
 	if (xfr->tsigkey != NULL && xfr->tsigkey->key != NULL) {
 		dns_name_format(dst_key_name(xfr->tsigkey->key),

lib/dns/zone.c

@@ -1388,7 +1388,7 @@ dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) {
 		tmp2 += (zone->db_argc + 1) * sizeof(char *);
 		for (i = 0; i < zone->db_argc; i++) {
 			*tmp++ = tmp2;
-			strcpy(tmp2, zone->db_argv[i]);