Remove use of strcpy() and sprintf().

Even though they were safe, compilers like to warn about them nowadays.
2016-04-15 11:25:18 +02:00 · 2016-04-15 11:25:18 +02:00 · cd5f222cc4
commit cd5f222cc4
parent d4410d0cce
5 changed files with 12 additions and 10 deletions
--- a/src/names.c
+++ b/src/names.c
@ -121,11 +121,11 @@ void make_names(bool daemon) {
 	if(!unixsocketname) {
 		int len = strlen(pidfilename);
 		unixsocketname = xmalloc(len + 8);
-		strcpy(unixsocketname, pidfilename);
+		memcpy(unixsocketname, pidfilename, len);
 		if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
-			strcpy(unixsocketname + len - 4, ".socket");
+			strncpy(unixsocketname + len - 4, ".socket", 8);
 		else
-			strcpy(unixsocketname + len, ".socket");
+			strncpy(unixsocketname + len, ".socket", 8);
 	}
 }
--- a/src/node.c
+++ b/src/node.c
@ -186,7 +186,7 @@ bool dump_nodes(connection_t *c) {
 	for splay_each(node_t, n, node_tree) {
 		char id[2 * sizeof n->id + 1];
 		for (size_t c = 0; c < sizeof n->id; ++c)
-			sprintf(id + 2 * c, "%02hhx", n->id.x[c]);
+			snprintf(id + 2 * c, 3, "%02hhx", n->id.x[c]);
 		id[sizeof id - 1] = 0;
 		send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES,
 			   n->name, id, n->hostname ?: "unknown port unknown",
--- a/src/script.c
+++ b/src/script.c
@ -75,9 +75,11 @@ bool execute_script(const char *name, char **envp) {
 #ifdef HAVE_MINGW
 	if(!*scriptextension) {
 		const char *pathext = getenv("PATHEXT") ?: ".COM;.EXE;.BAT;.CMD";
-		char fullname[strlen(scriptname) + strlen(pathext)];
+		size_t pathlen = strlen(pathext);
-		char *ext = fullname + strlen(scriptname);
+		size_t scriptlen = strlen(scriptname);
-		strcpy(fullname, scriptname);
+		char fullname[scriptlen + pathlen + 1];
 		char *ext = fullname + scriptlen;
 		strncpy(fullname, scriptname, sizeof fullname);
 		const char *p = pathext;
 		bool found = false;
@ -88,7 +90,7 @@ bool execute_script(const char *name, char **envp) {
 				ext[q - p] = 0;
 				q++;
 			} else {
-				strcpy(ext, p);
+				strncpy(ext, p, pathlen + 1);
 			}
 			if((found = !access(fullname, F_OK)))
 				break;
--- a/src/sptps.c
+++ b/src/sptps.c
@ -204,7 +204,7 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
 	// Create the HMAC seed, which is "key expansion" + session label + server nonce + client nonce
 	char seed[s->labellen + 64 + 13];
-	strcpy(seed, "key expansion");
+	memcpy(seed, "key expansion", 13);
 	if(s->initiator) {
 		memcpy(seed + 13, s->mykex + 1, 32);
 		memcpy(seed + 45, s->hiskex + 1, 32);
--- a/src/utils.c
+++ b/src/utils.c
@ -158,7 +158,7 @@ int b64encode_urlsafe(const void *src, char *dst, int length) {
 const char *winerror(int err) {
 	static char buf[1024], *ptr;
-	ptr = buf + sprintf(buf, "(%d) ", err);
+	ptr = buf + snprintf(buf, sizeof buf, "(%d) ", err);
 	if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
 		NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), ptr, sizeof(buf) - (ptr - buf), NULL)) {