From cd5f222cc4e769395a7c6c8646abefe1d657f844 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri, 15 Apr 2016 11:25:18 +0200
Subject: [PATCH] Remove use of strcpy() and sprintf().
Even though they were safe, compilers like to warn about them nowadays.
---
src/names.c | 6 +++---
src/node.c | 2 +-
src/script.c | 10 ++++++----
src/sptps.c | 2 +-
src/utils.c | 2 +-
5 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/names.c b/src/names.c
index 47729dac..a640fe48 100644
--- a/src/names.c
+++ b/src/names.c
@@ -121,11 +121,11 @@ void make_names(bool daemon) {
if(!unixsocketname) {
int len = strlen(pidfilename);
unixsocketname = xmalloc(len + 8);
- strcpy(unixsocketname, pidfilename);
+ memcpy(unixsocketname, pidfilename, len);
if(len > 4 && !strcmp(pidfilename + len - 4, ".pid"))
- strcpy(unixsocketname + len - 4, ".socket");
+ strncpy(unixsocketname + len - 4, ".socket", 8);
else
- strcpy(unixsocketname + len, ".socket");
+ strncpy(unixsocketname + len, ".socket", 8);
}
}
diff --git a/src/node.c b/src/node.c
index bd94ed0b..7242e950 100644
--- a/src/node.c
+++ b/src/node.c
@@ -186,7 +186,7 @@ bool dump_nodes(connection_t *c) {
for splay_each(node_t, n, node_tree) {
char id[2 * sizeof n->id + 1];
for (size_t c = 0; c < sizeof n->id; ++c)
- sprintf(id + 2 * c, "%02hhx", n->id.x[c]);
+ snprintf(id + 2 * c, 3, "%02hhx", n->id.x[c]);
id[sizeof id - 1] = 0;
send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", CONTROL, REQ_DUMP_NODES,
n->name, id, n->hostname ?: "unknown port unknown",
diff --git a/src/script.c b/src/script.c
index 5ca56737..4cea3837 100644
--- a/src/script.c
+++ b/src/script.c
@@ -75,9 +75,11 @@ bool execute_script(const char *name, char **envp) {
#ifdef HAVE_MINGW
if(!*scriptextension) {
const char *pathext = getenv("PATHEXT") ?: ".COM;.EXE;.BAT;.CMD";
- char fullname[strlen(scriptname) + strlen(pathext)];
- char *ext = fullname + strlen(scriptname);
- strcpy(fullname, scriptname);
+ size_t pathlen = strlen(pathext);
+ size_t scriptlen = strlen(scriptname);
+ char fullname[scriptlen + pathlen + 1];
+ char *ext = fullname + scriptlen;
+ strncpy(fullname, scriptname, sizeof fullname);
const char *p = pathext;
bool found = false;
@@ -88,7 +90,7 @@ bool execute_script(const char *name, char **envp) {
ext[q - p] = 0;
q++;
} else {
- strcpy(ext, p);
+ strncpy(ext, p, pathlen + 1);
}
if((found = !access(fullname, F_OK)))
break;
diff --git a/src/sptps.c b/src/sptps.c
index 7bd271b9..712d50ea 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -204,7 +204,7 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
// Create the HMAC seed, which is "key expansion" + session label + server nonce + client nonce
char seed[s->labellen + 64 + 13];
- strcpy(seed, "key expansion");
+ memcpy(seed, "key expansion", 13);
if(s->initiator) {
memcpy(seed + 13, s->mykex + 1, 32);
memcpy(seed + 45, s->hiskex + 1, 32);
diff --git a/src/utils.c b/src/utils.c
index 65ba4b90..c374eb5d 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -158,7 +158,7 @@ int b64encode_urlsafe(const void *src, char *dst, int length) {
const char *winerror(int err) {
static char buf[1024], *ptr;
- ptr = buf + sprintf(buf, "(%d) ", err);
+ ptr = buf + snprintf(buf, sizeof buf, "(%d) ", err);
if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), ptr, sizeof(buf) - (ptr - buf), NULL)) {
--
2.39.5