secure coding: cgfsng: strncat, strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 5eefd3f9a02b7a7f3b7ac39cbcb425fda9204ad6..2540bd811a24ab260bf0c5a5e6f4cc8398c392d0 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -58,6 +58,10 @@
 #include "storage/storage.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(lxc_cgfsng, lxc);
 
 static void free_string_list(char **clist)
@@ -1195,19 +1199,23 @@ static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
         * some thinking.
         */
        for (it = h->controllers; it && *it; it++) {
-                full_len += strlen(*it) + 2;
-                add_controllers = must_realloc(add_controllers, full_len + 1);
-                if (h->controllers[0] == *it)
-                        add_controllers[0] = '\0';
-                strcat(add_controllers, "+");
-                strcat(add_controllers, *it);
-                if ((it + 1) && *(it + 1))
-                        strcat(add_controllers, " ");
+               full_len += strlen(*it) + 2;
+               add_controllers = must_realloc(add_controllers, full_len + 1);
+
+               if (h->controllers[0] == *it)
+                       add_controllers[0] = '\0';
+
+               strncat(add_controllers, "+", 1);
+               strncat(add_controllers, *it, strlen(*it));
+
+               if ((it + 1) && *(it + 1))
+                       strncat(add_controllers, " ", 1);
        }
 
        parts = lxc_string_split(cgname, '/');
        if (!parts)
                goto on_error;
+
        parts_len = lxc_array_len((void **)parts);
        if (parts_len > 0)
                parts_len--;
@@ -1301,9 +1309,10 @@ static inline bool cgfsng_create(struct cgroup_ops *ops,
                ERROR("Failed expanding cgroup name pattern");
                return false;
        }
+
        len = strlen(tmp) + 5; /* leave room for -NNN\0 */
        container_cgroup = must_alloc(len);
-       strcpy(container_cgroup, tmp);
+       (void)strlcpy(container_cgroup, tmp, len);
        free(tmp);
        offset = container_cgroup + len - 5;
 
@@ -1942,7 +1951,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
                if (ret < 0 && errno != EEXIST)
                        goto on_error;
 
-               strcat(full_path, "/cgroup.procs");
+               strncat(full_path, "/cgroup.procs", strlen("/cgroup.procs"));
                ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
                if (ret == 0)
                        goto on_success;
@@ -2022,7 +2031,8 @@ static int cgfsng_get(struct cgroup_ops *ops, const char *filename, char *value,
 
        controller_len = strlen(filename);
        controller = alloca(controller_len + 1);
-       strcpy(controller, filename);
+       (void)strlcpy(controller, filename, controller_len + 1);
+
        p = strchr(controller, '.');
        if (p)
                *p = '\0';
@@ -2059,7 +2069,8 @@ static int cgfsng_set(struct cgroup_ops *ops, const char *filename,
 
        controller_len = strlen(filename);
        controller = alloca(controller_len + 1);
-       strcpy(controller, filename);
+       (void)strlcpy(controller, filename, controller_len + 1);
+
        p = strchr(controller, '.');
        if (p)
                *p = '\0';
@@ -2176,7 +2187,8 @@ static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename,
 
        len = strlen(filename);
        controller = alloca(len + 1);
-       strcpy(controller, filename);
+       (void)strlcpy(controller, filename, len + 1);
+
        p = strchr(controller, '.');
        if (p)
                *p = '\0';