diff --git a/CHANGES b/CHANGES index b00baff4d92fec6deb4f923afb7f53c336ce8407..46638b4db68dfd6a1b7d0172306d3445b3311bb2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of + strlcpy() and strlcat() for safety. [RT #45981] + 4721. [func] 'dnssec-signzone -x' and 'dnssec-dnskey-kskonly' options now apply to CDNSKEY and DS records as well as DNSKEY. Thanks to Tony Finch. [RT #45689] diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 36aeabc2d9f0e9b55b649e1c9fb5d86d76d7e4eb..b5c3029d6512a4582f8562dc8ad87ef3004ce9b5 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -209,8 +209,9 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner, /* * Turn off search. */ - if (dns_name_countlabels(name) > 1U) - strcat(namebuf, "."); + if (dns_name_countlabels(name) > 1U) { + strlcat(namebuf, ".", sizeof(namebuf)); + } dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); result = getaddrinfo(namebuf, NULL, &hints, &ai); @@ -398,8 +399,9 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) { /* * Turn off search. */ - if (dns_name_countlabels(name) > 1U) - strcat(namebuf, "."); + if (dns_name_countlabels(name) > 1U) { + strlcat(namebuf, ".", sizeof(namebuf)); + } dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); result = getaddrinfo(namebuf, NULL, &hints, &ai); @@ -483,8 +485,9 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) { /* * Turn off search. */ - if (dns_name_countlabels(name) > 1U) - strcat(namebuf, "."); + if (dns_name_countlabels(name) > 1U) { + strlcat(namebuf, ".", sizeof(namebuf)); + } dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); result = getaddrinfo(namebuf, NULL, &hints, &ai); diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 6826845d84e5f60394c8cdbac780415bf4e82165..6735c1b84b4b11ebf0771555524341cc0acdb1c1 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -2074,7 +2074,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; - strcpy(lookup->textname, "."); + strlcpy(lookup->textname, ".", sizeof(lookup->textname)); lookup->rdtype = dns_rdatatype_ns; lookup->rdtypeset = ISC_TRUE; if (firstarg) { diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index c6752225499bda9eb4d62d2a32767b2870fa556a..4fc6b8b47d448f3e824f49e2bdcfa06a55fde9ee 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1743,7 +1743,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) namestr, isc_result_totext(lresult)); if (addresses_result == ISC_R_SUCCESS) { addresses_result = lresult; - strcpy(bad_namestr, namestr); + strlcpy(bad_namestr, namestr, + sizeof(bad_namestr)); } } numLookups += num; @@ -3925,7 +3926,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) { if (resultp == NULL) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); - return 0; + return (0); } for (i = 0; i < count; i++) { @@ -3935,7 +3936,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) { ISC_LIST_APPEND(lookup->my_server_list, srv, link); } - return count; + return (count); } /*% @@ -4170,7 +4171,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org, */ if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success) return (ISC_R_SUCCESS); - strcpy(tmp1, tmp2); + strlcpy(tmp1, tmp2, MAXDLEN); /* * Copy the converted contents in 'tmp1' back to 'buffer'. @@ -4197,17 +4198,17 @@ append_textname(char *name, const char *origin, size_t namesize) { /* Already absolute? */ if (namelen > 0 && name[namelen - 1] == '.') - return idn_success; + return (idn_success); /* Append dot and origin */ if (namelen + 1 + originlen >= namesize) - return idn_buffer_overflow; + return (idn_buffer_overflow); if (*origin != '.') name[namelen++] = '.'; - (void)strcpy(name + namelen, origin); - return idn_success; + (void)strlcpy(name + namelen, origin, namesize - namelen); + return (idn_success); } static void diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 5d278a18a88963e74c885a67f679a8e1715c9b94..c1a758bb28bc11deba00ccc667355a2fca8327b7 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -2816,8 +2816,8 @@ writeset(const char *prefix, dns_rdatatype_t type) { sprintf(filename, "%s/", dsdir); else filename[0] = 0; - strcat(filename, prefix); - strcat(filename, namestr); + strlcat(filename, prefix, filenamelen); + strlcat(filename, namestr, filenamelen); dns_diff_init(mctx, &diff); diff --git a/bin/named/main.c b/bin/named/main.c index 1d05209e279b1eda810f0fb611f50e7907ed866f..3f6034a2aa92444e8cbf660c08280f0790014ed3 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1258,11 +1258,11 @@ named_main_setmemstats(const char *filename) { free(memstats); memstats = NULL; } + if (filename == NULL) return; - memstats = malloc(strlen(filename) + 1); - if (memstats) - strcpy(memstats, filename); + + memstats = strdup(filename); } #ifdef HAVE_LIBSCF diff --git a/bin/named/server.c b/bin/named/server.c index 323e7f526cf65286f120fb94e42f088029e54625..9fe61b5b8d1bb4c768d2c158a2e19eda343cf74c 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1821,7 +1821,8 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na, (s6[prefixlen/8] >> 4) & 0xf); cp += 4; } - strcat(cp, "ip6.arpa."); + + strlcat(reverse, "ip6.arpa.", sizeof(reverse)); /* * Create the actual zone. @@ -12088,7 +12089,7 @@ migrate_nzf(dns_view_t *view) { */ strlcpy(tempname, view->new_zone_file, sizeof(tempname)); if (strlen(tempname) < sizeof(tempname) - 1) { - strcat(tempname, "~"); + strlcat(tempname, "~", sizeof(tempname)); isc_file_rename(view->new_zone_file, tempname); } diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index b8b76f7359bc587acd2a7523e24284168ff51279..7b2ae1e9f21e9a0d12b7c383db4ab998be2de3ed 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1061,7 +1061,7 @@ getuname(void) { memset(&uts, 0, sizeof(uts)); if (uname(&uts) < 0) { - strcpy(unamebuf, "unknown architecture"); + snprintf(unamebuf, sizeof(unamebuf), "unknown architecture"); return; } @@ -1069,7 +1069,7 @@ getuname(void) { "%s %s %s %s", uts.sysname, uts.machine, uts.release, uts.version); #else - strcpy(unamebuf, "unknown architecture"); + snprintf(unamebuf, sizeof(unamebuf), "unknown architecture"); #endif unamep = unamebuf; } diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index bf4fc65f94188c30eea10753fc863621ef9ea648..c7ed5c581785b8db185f7a8b76c937f153ab6802 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -374,9 +374,7 @@ main(int argc, char *argv[]) { RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) == ISC_R_SUCCESS); - - - strcpy(dbtype, "rbt"); + snprintf(dbtype, sizeof(dbtype), "rbt"); while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT")) != -1) { switch (ch) { diff --git a/bin/tests/hash_test.c b/bin/tests/hash_test.c index e37247c80af56260c0cf32d63084bf2ed51357f2..3ae50116786d2cc33017a31efef8d54821fd2133 100644 --- a/bin/tests/hash_test.c +++ b/bin/tests/hash_test.c @@ -108,7 +108,7 @@ main(int argc, char **argv) { print_digest(s, "hmacmd5", digest, 4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacmd5_init(&hmacmd5, key, 4); memmove(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); @@ -140,7 +140,7 @@ main(int argc, char **argv) { print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacsha1_init(&hmacsha1, key, 4); memmove(buffer, s, strlen(s)); isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); @@ -171,7 +171,7 @@ main(int argc, char **argv) { print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacsha224_init(&hmacsha224, key, 4); memmove(buffer, s, strlen(s)); isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); @@ -202,7 +202,7 @@ main(int argc, char **argv) { print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacsha256_init(&hmacsha256, key, 4); memmove(buffer, s, strlen(s)); isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); @@ -233,7 +233,7 @@ main(int argc, char **argv) { print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacsha384_init(&hmacsha384, key, 4); memmove(buffer, s, strlen(s)); isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); @@ -264,7 +264,7 @@ main(int argc, char **argv) { print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); s = "what do ya want for nothing?"; - strcpy((char *)key, "Jefe"); + strlcpy((char *)key, "Jefe", sizeof(key)); isc_hmacsha512_init(&hmacsha512, key, 4); memmove(buffer, s, strlen(s)); isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); diff --git a/bin/tests/shutdown_test.c b/bin/tests/shutdown_test.c index bd13caf791d10b164ef97ac12d0c5e1a617fa20e..ef58f1a461971c09554b6fd3179dd7374d453139 100644 --- a/bin/tests/shutdown_test.c +++ b/bin/tests/shutdown_test.c @@ -136,9 +136,10 @@ new_task(isc_mem_t *mctx, const char *name) { ti->ticks = 0; if (name != NULL) { INSIST(strlen(name) < sizeof(ti->name)); - strcpy(ti->name, name); - } else - sprintf(ti->name, "%d", task_count); + strlcpy(ti->name, name, sizeof(ti->name)); + } else { + snprintf(ti->name, sizeof(ti->name), "%d", task_count); + } RUNTIME_CHECK(isc_task_create(task_manager, 0, &ti->task) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_task_onshutdown(ti->task, shutdown_action, ti) == diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index d85e2ac63b991a0c9f73ca3b2e7f1f5f5101f60e..075dad4e87900bc03aac3705815c1c8f28af3fb3 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -173,14 +173,16 @@ my_connect(isc_task_t *task, isc_event_t *event) { * Send a GET string, and set up to receive (and just display) * the result. */ - strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n" - "Connection: Close\r\n\r\n"); + snprintf(buf, sizeof(buf), + "GET / HTTP/1.1\r\nHost: www.flame.org\r\n" + "Connection: Close\r\n\r\n"); region.base = isc_mem_get(mctx, strlen(buf) + 1); if (region.base != NULL) { region.length = strlen(buf) + 1; strcpy((char *)region.base, buf); /* This strcpy is safe. */ - } else + } else { region.length = 0; + } isc_socket_send(sock, ®ion, task, my_http_get, event->ev_arg); diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c index 5377c9c8dc1dc963c97de1cc6aae173d4fb8ca8e..755fbb0a5409ebba70d6af7e40ef41379179a13d 100644 --- a/bin/tests/system/dlzexternal/driver.c +++ b/bin/tests/system/dlzexternal/driver.c @@ -231,6 +231,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], char soa_data[1024]; const char *extra; isc_result_t result; + size_t znsize; int n; UNUSED(dlzname); @@ -255,15 +256,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], } /* Ensure zone name is absolute */ - state->zone_name = malloc(strlen(argv[1]) + 2); + znsize = strlen(argv[1]) + 2; + state->zone_name = malloc(znsize); if (state->zone_name == NULL) { free(state); return (ISC_R_NOMEMORY); } - if (argv[1][strlen(argv[1]) - 1] == '.') - strcpy(state->zone_name, argv[1]); - else - sprintf(state->zone_name, "%s.", argv[1]); + if (argv[1][strlen(argv[1]) - 1] == '.') { + strlcpy(state->zone_name, argv[1], znsize); + } else { + snprintf(state->zone_name, znsize, "%s.", argv[1]); + } if (strcmp(state->zone_name, ".") == 0) extra = ".root"; @@ -326,7 +329,7 @@ dlz_findzonedb(void *dbdata, const char *name, char addrbuf[100]; char absolute[1024]; - strcpy(addrbuf, "unknown"); + strlcpy(addrbuf, "unknown", sizeof(addrbuf)); if (methods != NULL && methods->sourceip != NULL && methods->version - methods->age <= DNS_CLIENTINFOMETHODS_VERSION && @@ -455,7 +458,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata, } if (strcmp(name, "source-addr") == 0) { - strcpy(buf, "unknown"); + strlcpy(buf, "unknown", sizeof(buf)); if (methods != NULL && methods->sourceip != NULL && (methods->version - methods->age <= diff --git a/lib/bind9/getaddresses.c b/lib/bind9/getaddresses.c index 6efcde740d76783c545ea3e85cfd48855d5da64d..a724ed304b87ec52514bf94def1a37bae9fa42f1 100644 --- a/lib/bind9/getaddresses.c +++ b/lib/bind9/getaddresses.c @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */ - /*! \file */ #include @@ -19,6 +17,7 @@ #include #include #include +#include #include #include @@ -81,7 +80,7 @@ bind9_getaddresses(const char *hostname, in_port_t port, char tmpbuf[128], *d; isc_uint32_t zone = 0; - strcpy(tmpbuf, hostname); + strlcpy(tmpbuf, hostname, sizeof(tmpbuf)); d = strchr(tmpbuf, '%'); if (d != NULL) *d = '\0'; diff --git a/lib/dns/byaddr.c b/lib/dns/byaddr.c index 7c3de1922fb7e4f7a7421ab40fed9f8947dd2d12..c76aa86fa4f2aeda185dea4b85c78587196690ee 100644 --- a/lib/dns/byaddr.c +++ b/lib/dns/byaddr.c @@ -80,6 +80,8 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options, (bytes[1] & 0xff), (bytes[0] & 0xff)); } else if (address->family == AF_INET6) { + size_t remaining; + cp = textname; for (i = 15; i >= 0; i--) { *cp++ = hex_digits[bytes[i] & 0x0f]; @@ -87,10 +89,12 @@ dns_byaddr_createptrname2(const isc_netaddr_t *address, unsigned int options, *cp++ = hex_digits[(bytes[i] >> 4) & 0x0f]; *cp++ = '.'; } - if ((options & DNS_BYADDROPT_IPV6INT) != 0) - strcpy(cp, "ip6.int."); - else - strcpy(cp, "ip6.arpa."); + remaining = sizeof(textname) - (cp - textname); + if ((options & DNS_BYADDROPT_IPV6INT) != 0) { + strlcpy(cp, "ip6.int.", remaining); + } else { + strlcpy(cp, "ip6.arpa.", remaining); + } } else return (ISC_R_NOTIMPLEMENTED); diff --git a/lib/dns/dnsrps.c b/lib/dns/dnsrps.c index 4c52be30682943ce691c173d32971167ae9b307e..d059dfd82caa1f067cb18a23e4319bf48b937f5f 100644 --- a/lib/dns/dnsrps.c +++ b/lib/dns/dnsrps.c @@ -955,7 +955,9 @@ static dns_dbmethods_t rpsdb_db_methods = { NULL, /* setcachestats */ NULL, /* hashsize */ NULL, /* nodefullname */ - NULL /* getsize */ + NULL, /* getsize */ + NULL, /* setservestalettl */ + NULL, /* getservestalettl */ }; static dns_rdatasetmethods_t rpsdb_rdataset_methods = { diff --git a/lib/dns/gen.c b/lib/dns/gen.c index 30f94c1eefc7ae8141a58eb1dbe3e5faf4e6973b..404ff96563fce1300842cd140c513502d40613d0 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -530,7 +530,7 @@ main(int argc, char **argv) { for (i = 0; i < TYPENAMES; i++) memset(&typenames[i], 0, sizeof(typenames[i])); - strcpy(srcdir, ""); + srcdir[0] = '\0'; while ((c = isc_commandline_parse(argc, argv, "cdits:F:P:S:")) != -1) switch (c) { case 'c': @@ -620,12 +620,15 @@ main(int argc, char **argv) { n = snprintf(year, sizeof(year), "-%d", tm->tm_year + 1900); INSIST(n > 0 && (unsigned)n < sizeof(year)); - } else - strcpy(year, "-2016"); - } else - strcpy(year, "-2016"); + } else { + snprintf(year, sizeof(year), "-2016"); + } + } else { + snprintf(year, sizeof(year), "-2016"); + } - if (!depend) fprintf(stdout, copyright, year); + if (!depend) + fprintf(stdout, copyright, year); if (code) { fputs("#ifndef DNS_CODE_H\n", stdout); diff --git a/lib/dns/master.c b/lib/dns/master.c index f1ee6503a01ba227772b9adb524c4c2ed58c04a2..c7d5d2ca21e3056501ca73df4076eb015f788222 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -724,7 +724,7 @@ genname(char *name, int it, char *buffer, size_t length) { continue; } nibblemode = ISC_FALSE; - strcpy(fmt, "%d"); + strlcpy(fmt, "%d", sizeof(fmt)); /* Get format specifier. */ if (*name == '{' ) { n = sscanf(name, "{%d,%u,%1[doxXnN]}", diff --git a/lib/dns/name.c b/lib/dns/name.c index 0b8c6ddf519ac77f073b2d5f22e5473b54f8a134..46976da3729faa8281b3c79d05346fd929309816 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -1659,7 +1659,7 @@ dns_name_tofilenametext(const dns_name_t *name, isc_boolean_t omit_final_dot, } else { if (trem < 3) return (ISC_R_NOSPACE); - sprintf(tdata, "%%%02X", c); + snprintf(tdata, trem, "%%%02X", c); tdata += 3; trem -= 3; ndata++; diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 417597afa835516f9c437b6ca5154a06b5980904..3ec6241d4a9f10ba1e584340746f63af2ab3020b 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -1241,7 +1241,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { dns_name_format(&rbtdb->common.origin, buf, sizeof(buf)); else - strcpy(buf, ""); + strlcpy(buf, "", sizeof(buf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1), "done free_rbtdb(%s)", buf); @@ -1367,7 +1367,7 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) { dns_name_format(&rbtdb->common.origin, buf, sizeof(buf)); } else { - strcpy(buf, ""); + strlcpy(buf, "", sizeof(buf)); } isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1), @@ -5509,7 +5509,7 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) { dns_name_format(&rbtdb->common.origin, buf, sizeof(buf)); else - strcpy(buf, ""); + strlcpy(buf, "", sizeof(buf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1), "calling free_rbtdb(%s)", buf); diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index bb6b41ad41f14ff44a84fdba863275ee3efc9a36..2a2f1cc8adfc660f3cc95155a7ddad3d756ff3a6 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -4498,8 +4498,8 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type, */ dns_name_format(name, buf, sizeof(buf)); dns_rdatatype_format(type, typebuf, sizeof(typebuf)); - strcat(buf, "/"); /* checked */ - strcat(buf, typebuf); /* checked */ + strlcat(buf, "/", sizeof(buf)); + strlcat(buf, typebuf, sizeof(buf)); fctx->info = isc_mem_strdup(mctx, buf); if (fctx->info == NULL) { result = ISC_R_NOMEMORY; diff --git a/lib/dns/tests/geoip_test.c b/lib/dns/tests/geoip_test.c index 2b2dc498ad94b1638253a693f2dd2b493c991817..c73a159228e1256a2e1db2bc3296b7d4e24989d2 100644 --- a/lib/dns/tests/geoip_test.c +++ b/lib/dns/tests/geoip_test.c @@ -140,7 +140,7 @@ do_lookup_string(const char *addr, isc_uint8_t *scope, isc_netaddr_fromin(&na, &in4); elt.subtype = subtype; - strcpy(elt.as_string, string); + strlcpy(elt.as_string, string, sizeof(elt.as_string)); return (dns_geoip_match(&na, scope, &geoip, &elt)); } @@ -157,7 +157,7 @@ do_lookup_string_v6(const char *addr, isc_uint8_t *scope, isc_netaddr_fromin6(&na, &in6); elt.subtype = subtype; - strcpy(elt.as_string, string); + strlcpy(elt.as_string, string, sizeof(elt.as_string)); return (dns_geoip_match(&na, scope, &geoip, &elt)); } diff --git a/lib/dns/tests/gost_test.c b/lib/dns/tests/gost_test.c index ae861a1e3a9337b289b9313bb19f34a14ca859a8..68d76c01898185b33fe16fafe6e673b7fe7f79df 100644 --- a/lib/dns/tests/gost_test.c +++ b/lib/dns/tests/gost_test.c @@ -66,16 +66,16 @@ tohexstr(unsigned char *d, unsigned int len, char *out); isc_result_t tohexstr(unsigned char *d, unsigned int len, char *out) { - - out[0]='\0'; char c_ret[] = "AA"; unsigned int j; - strcat(out, "0x"); + int size = len * 2 + 1; + + out[0] = '\0'; + strlcat(out, "0x", size); for (j = 0; j < len; j++) { - sprintf(c_ret, "%02X", d[j]); - strcat(out, c_ret); + snprintf(c_ret, sizeof(c_ret), "%02X", d[j]); + strlcat(out, c_ret, size); } - strcat(out, "\0"); return (ISC_R_SUCCESS); } diff --git a/lib/dns/tests/master_test.c b/lib/dns/tests/master_test.c index cb967b5943c2015795bbd127ffb4b34001c98612..0cb31ef39bf4e9a81cd2e631ea6a42957bae1f35 100644 --- a/lib/dns/tests/master_test.c +++ b/lib/dns/tests/master_test.c @@ -82,7 +82,7 @@ setup_master(void (*warn)(struct dns_rdatacallbacks *, const char *, ...), isc_buffer_t source; isc_buffer_t target; - strcpy(origin, TEST_ORIGIN); + strlcpy(origin, TEST_ORIGIN, sizeof(origin)); len = strlen(origin); isc_buffer_init(&source, origin, len); isc_buffer_add(&source, len); @@ -552,7 +552,7 @@ ATF_TC_BODY(dumpraw, tc) { UNUSED(tc); - strcpy(myorigin, TEST_ORIGIN); + strlcpy(myorigin, TEST_ORIGIN, sizeof(myorigin)); len = strlen(myorigin); isc_buffer_init(&source, myorigin, len); isc_buffer_add(&source, len); diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index ef2eb7fbb14837790b02a4913fea9b92caca0396..9b328d5146b6b218948cf741563dc24d46c93fd4 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -154,28 +154,31 @@ tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) { if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; - if (key != NULL) + if (key != NULL) { dns_name_format(&key->name, namestr, sizeof(namestr)); - else - strcpy(namestr, ""); + } else { + strlcpy(namestr, "", sizeof(namestr)); + } - if (key != NULL && key->generated && key->creator) + if (key != NULL && key->generated && key->creator) { dns_name_format(key->creator, creatorstr, sizeof(creatorstr)); - else - strcpy(creatorstr, ""); + } else { + strlcpy(creatorstr, "", sizeof(creatorstr)); + } va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); - if (key != NULL && key->generated) + if (key != NULL && key->generated) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, level, "tsig key '%s' (%s): %s", namestr, creatorstr, message); - else + } else { isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, level, "tsig key '%s': %s", namestr, message); + } } static void diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 37e73eea18f6e430893c068adcff465b64832925..74f303aea6396099726062330cc679deb36ac08a 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -1021,8 +1021,9 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) { result = isc_socket_getsockname(xfr->socket, &sockaddr); if (result == ISC_R_SUCCESS) { isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext)); - } else - strcpy(sourcetext, ""); + } else { + strlcpy(sourcetext, "", sizeof(sourcetext)); + } if (xfr->tsigkey != NULL && xfr->tsigkey->key != NULL) { dns_name_format(dst_key_name(xfr->tsigkey->key), diff --git a/lib/dns/zone.c b/lib/dns/zone.c index c15d31540d752051f5654ee8a413d35ec8c82ab7..23187c406fd25a1c6b8cdf362dd8d6cd1f541631 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1388,7 +1388,7 @@ dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) { tmp2 += (zone->db_argc + 1) * sizeof(char *); for (i = 0; i < zone->db_argc; i++) { *tmp++ = tmp2; - strcpy(tmp2, zone->db_argv[i]); + strlcpy(tmp2, zone->db_argv[i], size); tmp2 += strlen(tmp2) + 1; } *tmp = NULL; @@ -1612,8 +1612,8 @@ default_journal(dns_zone_t *zone) { journal = isc_mem_allocate(zone->mctx, len); if (journal == NULL) return (ISC_R_NOMEMORY); - strcpy(journal, zone->masterfile); - strcat(journal, ".jnl"); + strlcpy(journal, zone->masterfile, len); + strlcat(journal, ".jnl", len); } else { journal = NULL; } @@ -16993,7 +16993,7 @@ dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) { } salt[j] = '\0'; } else - strcpy(salt, "-"); + strlcpy(salt, "-", sizeof(salt)); dns_zone_log(zone, ISC_LOG_NOTICE, "dns_zone_addnsec3chain(hash=%u, iterations=%u, salt=%s)", nsec3param->hash, nsec3param->iterations, diff --git a/lib/irs/getnameinfo.c b/lib/irs/getnameinfo.c index 51c2ff941a364bd7a106d9eef3acbc27a2d7b9fa..6978b4329a24563c04fc391cfc8b1e05df78cf1c 100644 --- a/lib/irs/getnameinfo.c +++ b/lib/irs/getnameinfo.c @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - /*! \file */ /* @@ -95,6 +93,7 @@ #include #include #include +#include #include #include @@ -205,11 +204,11 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen, snprintf(numserv, sizeof(numserv), "%d", ntohs(port)); if ((strlen(numserv) + 1) > servlen) ERR(EAI_OVERFLOW); - strcpy(serv, numserv); + strlcpy(serv, numserv, servlen); } else { if ((strlen(sp->s_name) + 1) > servlen) ERR(EAI_OVERFLOW); - strcpy(serv, sp->s_name); + strlcpy(serv, sp->s_name, servlen); } #if 0 @@ -266,7 +265,7 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen, #endif if (strlen(numaddr) + 1 > hostlen) ERR(EAI_OVERFLOW); - strcpy(host, numaddr); + strlcpy(host, numaddr, hostlen); } else { isc_netaddr_t netaddr; dns_fixedname_t ptrfname; @@ -392,7 +391,7 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen, ERR(EAI_SYSTEM); if ((strlen(numaddr) + 1) > hostlen) ERR(EAI_OVERFLOW); - strcpy(host, numaddr); + strlcpy(host, numaddr, hostlen); } } result = SUCCESS; diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h index 573d27208fd8651b340f87d2e2d5d780a9cc1a0f..75ab1db566dc3cc7bdf707a3194deafae488e4d6 100644 --- a/lib/isc/include/isc/file.h +++ b/lib/isc/include/isc/file.h @@ -252,7 +252,6 @@ isc_file_progname(const char *filename, char *buf, size_t buflen); * \brief Given an operating system specific file name "filename" * referring to a program, return the canonical program name. * - * * Any directory prefix or executable file name extension (if * used on the OS in case) is stripped. On systems where program * names are case insensitive, the name is canonicalized to all diff --git a/lib/isc/inet_ntop.c b/lib/isc/inet_ntop.c index 570da8c3f1712658ad30e1341b4cf62866839883..f2c65584aa71ede5a62d7db14035f45ea0299b42 100644 --- a/lib/isc/inet_ntop.c +++ b/lib/isc/inet_ntop.c @@ -86,7 +86,7 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size) errno = ENOSPC; return (NULL); } - strcpy(dst, tmp); + strlcpy(dst, tmp, size); return (dst); } @@ -184,7 +184,7 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size) errno = ENOSPC; return (NULL); } - strcpy(dst, tmp); + strlcpy(dst, tmp, size); return (dst); } #endif /* AF_INET6 */ diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c index e647c0eda5fa4bfc9046c38cf1a6a9499511813f..2ecd992e8a62213d2a08ab5704439feb4a034f15 100644 --- a/lib/isc/netaddr.c +++ b/lib/isc/netaddr.c @@ -297,7 +297,7 @@ isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) { memset(netaddr, 0, sizeof(*netaddr)); netaddr->family = AF_UNIX; - strcpy(netaddr->type.un, path); + strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un)); netaddr->zone = 0; return (ISC_R_SUCCESS); #else diff --git a/lib/isc/sockaddr.c b/lib/isc/sockaddr.c index c2792bc9a4f99485d239d820698f72a5c565656a..9655f156b0e704a58ab598f62d4e4fb112e36c75 100644 --- a/lib/isc/sockaddr.c +++ b/lib/isc/sockaddr.c @@ -493,7 +493,8 @@ isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) { sockaddr->type.sunix.sun_len = (unsigned char)sizeof(sockaddr->type.sunix); #endif - strcpy(sockaddr->type.sunix.sun_path, path); + strlcpy(sockaddr->type.sunix.sun_path, path, + sizeof(sockaddr->type.sunix.sun_path)); return (ISC_R_SUCCESS); #else UNUSED(sockaddr); diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c index 0c287e83fa2a43420748ac7e816b7c162843d6d9..a5035305fb4d92475ca6d0fc8c84b6472fb68f56 100644 --- a/lib/isc/tests/hash_test.c +++ b/lib/isc/tests/hash_test.c @@ -53,16 +53,16 @@ tohexstr(unsigned char *d, unsigned int len, char *out); isc_result_t tohexstr(unsigned char *d, unsigned int len, char *out) { - - out[0]='\0'; char c_ret[] = "AA"; unsigned int i; - strcat(out, "0x"); + int size = len * 2 + 1; + + out[0] = '\0'; + strlcat(out, "0x", size); for (i = 0; i < len; i++) { - sprintf(c_ret, "%02X", d[i]); - strcat(out, c_ret); + snprintf(c_ret, sizeof(c_ret), "%02X", d[i]); + strlcat(out, c_ret, size); } - strcat(out, "\0"); return (ISC_R_SUCCESS); } diff --git a/lib/isc/tests/socket_test.c b/lib/isc/tests/socket_test.c index 1f803bc9b50bc3b1068317655de580ab716a2365..49340ea0185efbe0ee98eb5bd8d0125a7836d07b 100644 --- a/lib/isc/tests/socket_test.c +++ b/lib/isc/tests/socket_test.c @@ -182,7 +182,7 @@ ATF_TC_BODY(udp_sendto, tc) { result = isc_task_create(taskmgr, 0, &task); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -260,7 +260,7 @@ ATF_TC_BODY(udp_dup, tc) { result = isc_task_create(taskmgr, 0, &task); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -272,7 +272,7 @@ ATF_TC_BODY(udp_dup, tc) { ATF_CHECK(completion.done); ATF_CHECK_EQ(completion.result, ISC_R_SUCCESS); - strcpy(sendbuf, "World"); + snprintf(sendbuf, sizeof(sendbuf), "World"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -364,7 +364,7 @@ ATF_TC_BODY(udp_dscp_v4, tc) { ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "%s", isc_result_totext(result)); - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -472,7 +472,7 @@ ATF_TC_BODY(udp_dscp_v6, tc) { ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "%s", isc_result_totext(result)); - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -582,7 +582,7 @@ ATF_TC_BODY(tcp_dscp_v4, tc) { isc_socket_dscp(s2, 056); /* EF */ - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; @@ -685,7 +685,7 @@ ATF_TC_BODY(tcp_dscp_v6, tc) { isc_socket_dscp(s2, 056); /* EF */ - strcpy(sendbuf, "Hello"); + snprintf(sendbuf, sizeof(sendbuf), "Hello"); r.base = (void *) sendbuf; r.length = strlen(sendbuf) + 1; diff --git a/lib/isc/unix/dir.c b/lib/isc/unix/dir.c index 55c905448cb489e26c9548d700764d0f0b78fe4d..306ce4594bf91c746d692036c8713e73b81f32f2 100644 --- a/lib/isc/unix/dir.c +++ b/lib/isc/unix/dir.c @@ -59,10 +59,11 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { * Copy directory name. Need to have enough space for the name, * a possible path separator, the wildcard, and the final NUL. */ - if (strlen(dirname) + 3 > sizeof(dir->dirname)) + if (strlen(dirname) + 3 > sizeof(dir->dirname)) { /* XXXDCL ? */ return (ISC_R_NOSPACE); - strcpy(dir->dirname, dirname); + } + strlcpy(dir->dirname, dirname, sizeof(dir->dirname)); /* * Append path separator, if needed, and "*". @@ -78,8 +79,9 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { */ dir->handle = opendir(dirname); - if (dir->handle == NULL) - return isc__errno2result(errno); + if (dir->handle == NULL) { + return (isc__errno2result(errno)); + } return (result); } @@ -109,9 +111,9 @@ isc_dir_read(isc_dir_t *dir) { * Make sure that the space for the name is long enough. */ if (sizeof(dir->entry.name) <= strlen(entry->d_name)) - return (ISC_R_UNEXPECTED); + return (ISC_R_UNEXPECTED); - strcpy(dir->entry.name, entry->d_name); + strlcpy(dir->entry.name, entry->d_name, sizeof(dir->entry.name)); /* * Some dirents have d_namlen, but it is not portable. diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c index fc18d715c9362982e92f325b9c01bda370c7dd88..6d31eb74d8d6683187b8deb1426a52ff0ccf7ffa 100644 --- a/lib/isc/unix/file.c +++ b/lib/isc/unix/file.c @@ -239,12 +239,12 @@ isc_file_template(const char *path, const char *templet, char *buf, strncpy(buf, path, s - path + 1); buf[s - path + 1] = '\0'; - strcat(buf, templet); + strlcat(buf, templet, buflen); } else { if ((strlen(templet) + 1) > buflen) return (ISC_R_NOSPACE); - strcpy(buf, templet); + strlcpy(buf, templet, buflen); } return (ISC_R_SUCCESS); @@ -543,15 +543,17 @@ dir_current(char *dirname, size_t length) { cwd = getcwd(dirname, length); if (cwd == NULL) { - if (errno == ERANGE) + if (errno == ERANGE) { result = ISC_R_NOSPACE; - else + } else { result = isc__errno2result(errno); + } } else { - if (strlen(dirname) + 1 == length) + if (strlen(dirname) + 1 == length) { result = ISC_R_NOSPACE; - else if (dirname[1] != '\0') - strcat(dirname, "/"); + } else if (dirname[1] != '\0') { + strlcat(dirname, "/", length); + } } return (result); @@ -565,7 +567,7 @@ isc_file_absolutepath(const char *filename, char *path, size_t pathlen) { return (result); if (strlen(path) + strlen(filename) + 1 > pathlen) return (ISC_R_NOSPACE); - strcat(path, filename); + strlcat(path, filename, pathlen); return (ISC_R_SUCCESS); } diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index ee95669343776c64a229412029cc6913aa60ab54..61b598aa50337e5623bc619b6ed41cea16c111ad 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include @@ -5500,17 +5501,19 @@ isc__socket_permunix(const isc_sockaddr_t *sockaddr, isc_uint32_t perm, REQUIRE(sockaddr->type.sa.sa_family == AF_UNIX); INSIST(strlen(sockaddr->type.sunix.sun_path) < sizeof(path)); - strcpy(path, sockaddr->type.sunix.sun_path); + strlcpy(path, sockaddr->type.sunix.sun_path, sizeof(path)); #ifdef NEED_SECURE_DIRECTORY slash = strrchr(path, '/'); if (slash != NULL) { - if (slash != path) + if (slash != path) { *slash = '\0'; - else - strcpy(path, "/"); - } else - strcpy(path, "."); + } else { + strlcpy(path, "/", sizeof(path)); + } + } else { + strlcpy(path, ".", sizeof(path)); + } #endif if (chmod(path, perm) < 0) { diff --git a/lib/isc/win32/dir.c b/lib/isc/win32/dir.c index 2ddcd8e1c4c9057cbfd8b52b4618af028884ff11..f1003aa61d17b367f3ad75a70b80fdec609ae571 100644 --- a/lib/isc/win32/dir.c +++ b/lib/isc/win32/dir.c @@ -67,7 +67,7 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { if (strlen(dirname) + 3 > sizeof(dir->dirname)) /* XXXDCL ? */ return (ISC_R_NOSPACE); - strcpy(dir->dirname, dirname); + strlcpy(dir->dirname, dirname, sizeof(dir->dirname)); /* * Append path separator, if needed, and "*". @@ -121,7 +121,8 @@ isc_dir_read(isc_dir_t *dir) { /* * Make sure that the space for the name is long enough. */ - strcpy(dir->entry.name, dir->entry.find_data.cFileName); + strlcpy(dir->entry.name, dir->entry.find_data.cFileName, + sizeof(dir->entry.name)); dir->entry.length = strlen(dir->entry.name); return (ISC_R_SUCCESS); @@ -204,7 +205,8 @@ start_directory(isc_dir_t *dir) /* * Fill in the data for the first entry of the directory. */ - strcpy(dir->entry.name, dir->entry.find_data.cFileName); + strlcpy(dir->entry.name, dir->entry.find_data.cFileName, + sizeof(dir->entry.name)); dir->entry.length = strlen(dir->entry.name); dir->entry_filled = ISC_TRUE; diff --git a/lib/isc/win32/file.c b/lib/isc/win32/file.c index 5b9ebd13832c484ee7a0342e400e87164841d440..2f81f8a69bcee9818d85359685bd9373599bf780 100644 --- a/lib/isc/win32/file.c +++ b/lib/isc/win32/file.c @@ -202,8 +202,8 @@ isc_file_safemovefile(const char *oldname, const char *newname) { */ if (stat(newname, &sbuf) == 0) { exists = TRUE; - strcpy(buf, newname); - strcat(buf, ".XXXXX"); + strlcpy(buf, newname, sizeof(buf)); + strlcat(buf, ".XXXXX", sizeof(buf)); tmpfd = mkstemp(buf, ISC_TRUE); if (tmpfd > 0) _close(tmpfd); @@ -339,12 +339,12 @@ isc_file_template(const char *path, const char *templet, char *buf, strncpy(buf, path, s - path + 1); buf[s - path + 1] = '\0'; - strcat(buf, templet); + strlcat(buf, templet, buflen); } else { if ((strlen(templet) + 1) > buflen) return (ISC_R_NOSPACE); - strcpy(buf, templet); + strlcpy(buf, templet, buflen); } return (ISC_R_SUCCESS); @@ -605,7 +605,7 @@ isc_file_progname(const char *filename, char *progname, size_t namelen) { if (namelen <= strlen(s)) return (ISC_R_NOSPACE); - strcpy(progname, s); + strlcpy(progname, s, namelen); return (ISC_R_SUCCESS); } @@ -616,7 +616,7 @@ isc_file_progname(const char *filename, char *progname, size_t namelen) { if (len >= namelen) return (ISC_R_NOSPACE); - strncpy(progname, s, len); + strlcpy(progname, s, len); progname[len] = '\0'; return (ISC_R_SUCCESS); } diff --git a/lib/isc/win32/fsaccess.c b/lib/isc/win32/fsaccess.c index b47a6b5ec3e2af0c0d281a4fa8cd016d66400d52..e61d72e1ef2639856af81ab157290cd0d7f00363 100644 --- a/lib/isc/win32/fsaccess.c +++ b/lib/isc/win32/fsaccess.c @@ -75,14 +75,14 @@ is_ntfs(const char * file) { else if ((filename[0] == '\\') && (filename[1] == '\\')) { /* Find the machine and share name and rebuild the UNC */ - strcpy(tmpbuf, filename); + strlcpy(tmpbuf, filename, sizeof(tmpbuf)); machinename = strtok(tmpbuf, "\\"); sharename = strtok(NULL, "\\"); - strcpy(drive, "\\\\"); - strcat(drive, machinename); - strcat(drive, "\\"); - strcat(drive, sharename); - strcat(drive, "\\"); + strlcpy(drive, "\\\\", sizeof(drive)); + strlcat(drive, machinename, sizeof(drive)); + strlcat(drive, "\\", sizeof(drive)); + strlcat(drive, sharename, sizeof(drive)); + strlcat(drive, "\\", sizeof(drive)); } else /* Not determinable */ diff --git a/lib/isc/win32/ntpaths.c b/lib/isc/win32/ntpaths.c index 8a624ae08a5a844133a53f374aedc454523bc990..d9e997ea3ad0129440bf40a377892aba81a9059e 100644 --- a/lib/isc/win32/ntpaths.c +++ b/lib/isc/win32/ntpaths.c @@ -88,8 +88,9 @@ isc_ntpaths_init(void) { strcat(sys_conf_dir, "\\etc"); /* Added to avoid an assert on NULL value */ - strcpy(resolv_confFile, namedBase); - strcat(resolv_confFile, "\\etc\\resolv.conf"); + strlcpy(resolv_confFile, namedBase, sizeof(resolv_confFile)); + strlcat(resolv_confFile, "\\etc\\resolv.conf", + sizeof(resolv_confFile)); Initialized = TRUE; } diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 7d627d2fab499876cba1ab0b075e239d803ee28a..ced1ee1cde182b2845458ad66f0b431326ec26cc 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -2240,27 +2240,25 @@ token_addr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na) { return (ISC_R_SUCCESS); } } - if ((flags & CFG_ADDR_V4PREFIXOK) != 0 && - strlen(s) <= 15U) { + if ((flags & CFG_ADDR_V4PREFIXOK) != 0 && strlen(s) <= 15U) { char buf[64]; int i; - strcpy(buf, s); + strlcpy(buf, s, sizeof(buf)); for (i = 0; i < 3; i++) { - strcat(buf, ".0"); + strlcat(buf, ".0", sizeof(buf)); if (inet_pton(AF_INET, buf, &in4a) == 1) { isc_netaddr_fromin(na, &in4a); return (ISC_R_SUCCESS); } } } - if ((flags & CFG_ADDR_V6OK) != 0 && - strlen(s) <= 127U) { + if ((flags & CFG_ADDR_V6OK) != 0 && strlen(s) <= 127U) { char buf[128]; /* see lib/bind9/getaddresses.c */ char *d; /* zone delimiter */ isc_uint32_t zone = 0; /* scope zone ID */ - strcpy(buf, s); + strlcpy(buf, s, sizeof(buf)); d = strchr(buf, '%'); if (d != NULL) *d = '\0'; @@ -2914,9 +2912,10 @@ parser_complain(cfg_parser_t *pctx, isc_boolean_t is_warning, len = vsnprintf(message, sizeof(message), format, args); #define ELIPSIS " ... " - if (len >= sizeof(message)) + if (len >= sizeof(message)) { strcpy(message + sizeof(message) - sizeof(ELIPSIS) - 1, ELIPSIS); + } if ((flags & (CFG_LOG_NEAR|CFG_LOG_BEFORE|CFG_LOG_NOPREP)) != 0) { isc_region_t r; diff --git a/lib/ns/client.c b/lib/ns/client.c index e750bbaa73d16939201c076acc4a0a8b93c478df..e30b6445f7505f5d423eb9c0f7f02aa8b5549cf6 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -3924,8 +3924,8 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { dns_rdataclass_format(rdataset->rdclass, classbuf, sizeof(classbuf)); } else { - strcpy(typebuf, "-"); - strcpy(classbuf, "-"); + strlcpy(typebuf, "-", sizeof(typebuf)); + strlcpy(classbuf, "-", sizeof(classbuf)); } UNLOCK(&client->query.fetchlock); fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "