[or-cvs] Use strlcpy, not strcpy.
Nick Mathewson
nickm at seul.org
Wed Oct 27 06:48:20 UTC 2004
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv7044/src/or
Modified Files:
buffers.c circuituse.c connection_edge.c directory.c dirserv.c
dns.c rendcommon.c rendservice.c rephist.c routerlist.c
Log Message:
Use strlcpy, not strcpy.
Index: buffers.c
===================================================================
RCS file: /home/or/cvsroot/src/or/buffers.c,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -d -r1.108 -r1.109
--- buffers.c 16 Oct 2004 22:14:51 -0000 1.108
+++ buffers.c 27 Oct 2004 06:48:16 -0000 1.109
@@ -506,7 +506,7 @@
(int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN);
return -1;
}
- strcpy(req->address,tmpbuf);
+ strlcpy(req->address,tmpbuf,sizeof(req->address));
req->port = ntohs(*(uint16_t*)(buf->mem+8));
buf_remove_from_front(buf, 10);
if(!have_warned_about_unsafe_socks) {
@@ -594,7 +594,8 @@
}
}
log_fn(LOG_DEBUG,"socks4: Everything is here. Success.");
- strcpy(req->address, socks4_prot == socks4 ? tmpbuf : startaddr);
+ strlcpy(req->address, socks4_prot == socks4 ? tmpbuf : startaddr,
+ sizeof(req->address));
/* XXX on very old netscapes (socks4) the next line triggers an
* assert, because next-buf->mem+1 is greater than buf->datalen.
*/
@@ -605,7 +606,7 @@
case 'H': /* head */
case 'P': /* put/post */
case 'C': /* connect */
- strcpy(req->reply,
+ strlcpy(req->reply,
"HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
"<html>\n"
@@ -625,7 +626,7 @@
"</p>\n"
"</body>\n"
"</html>\n"
-);
+ , MAX_SOCKS_REPLY_LEN);
req->replylen = strlen(req->reply)+1;
/* fall through */
default: /* version is not socks4 or socks5 */
Index: circuituse.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuituse.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- circuituse.c 17 Oct 2004 21:51:20 -0000 1.18
+++ circuituse.c 27 Oct 2004 06:48:16 -0000 1.19
@@ -717,7 +717,7 @@
if(circ &&
(desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)) {
/* then write the service_id into circ */
- strcpy(circ->rend_query, conn->rend_query);
+ strlcpy(circ->rend_query, conn->rend_query, sizeof(circ->rend_query));
}
}
if(!circ)
Index: connection_edge.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_edge.c,v
retrieving revision 1.219
retrieving revision 1.220
diff -u -d -r1.219 -r1.220
--- connection_edge.c 27 Oct 2004 06:37:34 -0000 1.219
+++ connection_edge.c 27 Oct 2004 06:48:16 -0000 1.220
@@ -419,7 +419,7 @@
return 0;
}
- strcpy(conn->rend_query, socks->address); /* this strcpy is safe -RD */
+ strlcpy(conn->rend_query, socks->address, sizeof(conn->rend_query));
log_fn(LOG_INFO,"Got a hidden service request for ID '%s'", conn->rend_query);
/* see if we already have it cached */
r = rend_cache_lookup_entry(conn->rend_query, &entry);
@@ -594,7 +594,8 @@
/* leave version at zero, so the socks_reply is empty */
conn->socks_request->socks_version = 0;
conn->socks_request->has_finished = 0; /* waiting for 'connected' */
- strcpy(conn->socks_request->address, address);
+ strlcpy(conn->socks_request->address, address,
+ sizeof(conn->socks_request->address));
conn->socks_request->port = port;
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
@@ -775,7 +776,8 @@
log_fn(LOG_DEBUG,"begin is for rendezvous. configuring stream.");
n_stream->address = tor_strdup("(rendezvous)");
n_stream->state = EXIT_CONN_STATE_CONNECTING;
- strcpy(n_stream->rend_query, circ->rend_query);
+ strlcpy(n_stream->rend_query, circ->rend_query,
+ sizeof(n_stream->rend_query));
tor_assert(connection_edge_is_rendezvous_stream(n_stream));
assert_circuit_ok(circ);
if(rend_service_set_connection_addr_port(n_stream, circ) < 0) {
Index: directory.c
===================================================================
RCS file: /home/or/cvsroot/src/or/directory.c,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -d -r1.154 -r1.155
--- directory.c 27 Oct 2004 06:37:34 -0000 1.154
+++ directory.c 27 Oct 2004 06:48:16 -0000 1.155
@@ -429,9 +429,8 @@
if(s-start < 5 || strcmpstart(start,"/tor/")) { /* need to rewrite it */
*url = tor_malloc(s - start + 5);
- strcpy(*url,"/tor");
- strlcpy((*url)+4, start, s-start+1);
- (*url)[s-start+4] = 0; /* null terminate it */
+ strlcpy(*url,"/tor", s-start+5);
+ strlcat((*url)+4, start, s-start+1);
} else {
*url = tor_strndup(start, s-start);
}
Index: dirserv.c
===================================================================
RCS file: /home/or/cvsroot/src/or/dirserv.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -d -r1.103 -r1.104
--- dirserv.c 27 Oct 2004 06:37:34 -0000 1.103
+++ dirserv.c 27 Oct 2004 06:48:16 -0000 1.104
@@ -476,7 +476,7 @@
*cp++ = '!';
}
if (desc->verified) {
- strcpy(cp, desc->nickname);
+ strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
cp += strlen(cp);
if (!rr_format)
*cp++ = '=';
Index: dns.c
===================================================================
RCS file: /home/or/cvsroot/src/or/dns.c,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -d -r1.114 -r1.115
--- dns.c 27 Oct 2004 06:03:28 -0000 1.114
+++ dns.c 27 Oct 2004 06:48:16 -0000 1.115
@@ -159,7 +159,7 @@
case RESOLVED_TYPE_ERROR_TRANSIENT:
case RESOLVED_TYPE_ERROR:
buf[1] = 24; /* length of "error resolving hostname" */
- strcpy(buf+2, "error resolving hostname");
+ strlcpy(buf+2, "error resolving hostname", buf-2);
buflen = 26;
break;
default:
Index: rendcommon.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendcommon.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -d -r1.36 -r1.37
--- rendcommon.c 14 Oct 2004 03:18:14 -0000 1.36
+++ rendcommon.c 27 Oct 2004 06:48:16 -0000 1.37
@@ -68,7 +68,7 @@
cp += 2;
for (i=0; i < desc->n_intro_points; ++i) {
ipoint = (char*)desc->intro_points[i];
- strcpy(cp, ipoint);
+ strlcpy(cp, ipoint, *len_out-(cp-*str_out));
cp += strlen(ipoint)+1;
}
i = crypto_pk_private_sign_digest(key, *str_out, cp-*str_out, cp);
Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -d -r1.96 -r1.97
--- rendservice.c 27 Oct 2004 06:37:34 -0000 1.96
+++ rendservice.c 27 Oct 2004 06:48:16 -0000 1.97
@@ -459,7 +459,8 @@
memcpy(launched->rend_pk_digest, circuit->rend_pk_digest,
DIGEST_LEN);
memcpy(launched->rend_cookie, r_cookie, REND_COOKIE_LEN);
- strcpy(launched->rend_query, service->service_id);
+ strlcpy(launched->rend_query, service->service_id,
+ sizeof(launched->rend_query));
launched->build_state->pending_final_cpath = cpath =
tor_malloc_zero(sizeof(crypt_path_t));
@@ -539,7 +540,8 @@
nickname);
return -1;
}
- strcpy(launched->rend_query, service->service_id);
+ strlcpy(launched->rend_query, service->service_id,
+ sizeof(launched->rend_query));
memcpy(launched->rend_pk_digest, service->pk_digest, DIGEST_LEN);
return 0;
Index: rephist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rephist.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- rephist.c 27 Oct 2004 06:37:34 -0000 1.33
+++ rephist.c 27 Oct 2004 06:48:16 -0000 1.34
@@ -267,7 +267,7 @@
upt, upt+downt, uptime*100.0);
if (!strmap_isempty(or_history->link_history_map)) {
- strcpy(buffer, " Good extend attempts: ");
+ strlcpy(buffer, " Good extend attempts: ", sizeof(buffer));
len = strlen(buffer);
for (lhist_it = strmap_iter_init(or_history->link_history_map);
!strmap_iter_done(lhist_it);
Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -d -r1.168 -r1.169
--- routerlist.c 27 Oct 2004 06:37:34 -0000 1.168
+++ routerlist.c 27 Oct 2004 06:48:16 -0000 1.169
@@ -1115,7 +1115,7 @@
strlen(cp), s);
return -1;
}
- strcpy(hexdigest, cp);
+ strlcpy(hexdigest, cp, sizeof(hexdigest));
if (base16_decode(digest, DIGEST_LEN, hexdigest, HEX_DIGEST_LEN)<0) {
log_fn(LOG_WARN, "Invalid digest in router status entry (%s)", s);
return -1;
More information about the tor-commits
mailing list