From cd5f222cc4e769395a7c6c8646abefe1d657f844 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 15 Apr 2016 11:25:18 +0200 Subject: [PATCH] Remove use of strcpy() and sprintf(). Even though they were safe, compilers like to warn about them nowadays. --- src/names.c | 6 +++--- src/node.c | 2 +- src/script.c | 10 ++++++---- src/sptps.c | 2 +- src/utils.c | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/names.c b/src/names.c index 47729dac..a640fe48 100644 --- a/src/names.c +++ b/src/names.c @@ -121,11 +121,11 @@ void make_names(bool daemon) { if(!unixsocketname) { int len = strlen(pidfilename); unixsocketname = xmalloc(len + 8); - strcpy(unixsocketname, pidfilename); + memcpy(unixsocketname, pidfilename, len); if(len > 4 && !strcmp(pidfilename + len - 4, ".pid")) - strcpy(unixsocketname + len - 4, ".socket"); + strncpy(unixsocketname + len - 4, ".socket", 8); else - strcpy(unixsocketname + len, ".socket"); + strncpy(unixsocketname + len, ".socket", 8); } } diff --git a/src/node.c b/src/node.c index bd94ed0b..7242e950 100644 --- a/src/node.c +++ b/src/node.c @@ -186,7 +186,7 @@ bool dump_nodes(connection_t *c) { for splay_each(node_t, n, node_tree) { char id[2 * sizeof n->id + 1]; for (size_t c = 0; c < sizeof n->id; ++c) - sprintf(id + 2 * c, "%02hhx", n->id.x[c]); + snprintf(id + 2 * c, 3, "%02hhx", n->id.x[c]); id[sizeof id - 1] = 0; send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES, n->name, id, n->hostname ?: "unknown port unknown", diff --git a/src/script.c b/src/script.c index 5ca56737..4cea3837 100644 --- a/src/script.c +++ b/src/script.c @@ -75,9 +75,11 @@ bool execute_script(const char *name, char **envp) { #ifdef HAVE_MINGW if(!*scriptextension) { const char *pathext = getenv("PATHEXT") ?: ".COM;.EXE;.BAT;.CMD"; - char fullname[strlen(scriptname) + strlen(pathext)]; - char *ext = fullname + strlen(scriptname); - strcpy(fullname, scriptname); + size_t pathlen = strlen(pathext); + size_t scriptlen = strlen(scriptname); + char fullname[scriptlen + pathlen + 1]; + char *ext = fullname + scriptlen; + strncpy(fullname, scriptname, sizeof fullname); const char *p = pathext; bool found = false; @@ -88,7 +90,7 @@ bool execute_script(const char *name, char **envp) { ext[q - p] = 0; q++; } else { - strcpy(ext, p); + strncpy(ext, p, pathlen + 1); } if((found = !access(fullname, F_OK))) break; diff --git a/src/sptps.c b/src/sptps.c index 7bd271b9..712d50ea 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -204,7 +204,7 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) { // Create the HMAC seed, which is "key expansion" + session label + server nonce + client nonce char seed[s->labellen + 64 + 13]; - strcpy(seed, "key expansion"); + memcpy(seed, "key expansion", 13); if(s->initiator) { memcpy(seed + 13, s->mykex + 1, 32); memcpy(seed + 45, s->hiskex + 1, 32); diff --git a/src/utils.c b/src/utils.c index 65ba4b90..c374eb5d 100644 --- a/src/utils.c +++ b/src/utils.c @@ -158,7 +158,7 @@ int b64encode_urlsafe(const void *src, char *dst, int length) { const char *winerror(int err) { static char buf[1024], *ptr; - ptr = buf + sprintf(buf, "(%d) ", err); + ptr = buf + snprintf(buf, sizeof buf, "(%d) ", err); if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), ptr, sizeof(buf) - (ptr - buf), NULL)) {