reliability: ensure string copy results to a null determined string

Copying strings is much harder than it superficially looks, see reference
for further information,

Reference: http://meyering.net/crusade-to-eliminate-strncpy/

diff --git a/asn.c b/asn.c
index bb2bca1f2e7540221af207e8a60e1e697c0e14ce..a8491c413adbca49b00d44319122237f4a48a9a5 100644 (file)
--- a/asn.c
+++ b/asn.c
@@ -45,7 +45,7 @@
 
 #include "mtr.h"
 #include "asn.h"
-
+#include "utils.h"
 //#define IIDEBUG
 
 #ifdef IIDEBUG
@@ -138,7 +138,7 @@ static char *ipinfo_lookup(const char *domain) {
         txt = (char*)txtrec;
 
     pt++;
-    strncpy(txt, (char*) pt, txtlen);
+    xstrncpy(txt, (char*) pt, txtlen);
     txt[txtlen] = 0;
 
     if (iihash)

diff --git a/curses.c b/curses.c
index 1f7d634f3a80f8b02bd359774f8520b10744034a..001d3a711fdc811d5ff5446b345cce88a55065fe 100644 (file)
--- a/curses.c
+++ b/curses.c
@@ -60,6 +60,7 @@
 #include "dns.h"
 #include "asn.h"
 #include "display.h"
+#include "utils.h"
 
 #endif
 
@@ -268,15 +269,16 @@ extern int mtr_curses_keyaction(struct mtr_ctl *ctl)
       }
     }
     buf[i] = '\0';
-    if ( strlen( buf ) > 0 ) strcpy( ctl->fld_active, buf );
+    if ( strlen( buf ) > 0 )
+      xstrncpy(ctl->fld_active, buf, 2 * MAXFLD);
 
     return ActionNone;
   }
   if (tolower(c) == 'j') {
     if( strchr(ctl->fld_active, 'N') ) {
-      strcpy(ctl->fld_active, "DR AGJMXI");        /* GeoMean and jitter */
+      xstrncpy(ctl->fld_active, "DR AGJMXI", 2 * MAXFLD);      /* GeoMean and jitter */
     } else {
-      strcpy(ctl->fld_active, "LS NABWV");         /* default */
+      xstrncpy(ctl->fld_active, "LS NABWV", 2 * MAXFLD);       /* default */
     }
     return ActionNone;
   }

diff --git a/mtr.c b/mtr.c
index 2f6ea2135f6857f910691826f09e39836da0b92f..99f4cb070cfaffeecf969a88a460beeb1766b493 100644 (file)
--- a/mtr.c
+++ b/mtr.c
@@ -464,7 +464,7 @@ static void parse_arg (struct mtr_ctl *ctl, int argc, char **argv)
           error(EXIT_FAILURE, 0, "Unknown field identifier: %c", optarg[i]);
         }
       }
-      strcpy ((char*)ctl->fld_active, optarg);
+      xstrncpy(ctl->fld_active, optarg, 2 * MAXFLD);
       break;
     case 'B':
       ctl->bitpattern = strtonum_or_err(optarg, "invalid argument", STRTO_INT);
@@ -637,7 +637,7 @@ extern int main(int argc, char **argv)
   ctl.maxTTL = 30;
   ctl.maxUnknown = 12;
   ctl.tcp_timeout = 10 * 1000000;
-  strcpy(ctl.fld_active, "LS NABWV");
+  xstrncpy(ctl.fld_active, "LS NABWV", 2 * MAXFLD);
 
   /*  Get the raw sockets first thing, so we can drop to user euid immediately  */
 
@@ -689,7 +689,7 @@ extern int main(int argc, char **argv)
     ctl.Hostname = names->name;
     //  if (Hostname == NULL) Hostname = "localhost"; // no longer necessary.
     if (gethostname(ctl.LocalHostname, sizeof(ctl.LocalHostname))) {
-      strcpy(ctl.LocalHostname, "UNKNOWNHOST");
+      xstrncpy(ctl.LocalHostname, "UNKNOWNHOST", sizeof(ctl.LocalHostname));
     }
 
     if (net_preopen_result != 0) {

diff --git a/net.c b/net.c
index eb9bd5e60812ab4c79ba493ef700aa4ea6a70372..122701733f4964923e56a19d2694e429f8489323 100644 (file)
--- a/net.c
+++ b/net.c
@@ -52,6 +52,7 @@
 #include "net.h"
 #include "display.h"
 #include "dns.h"
+#include "utils.h"
 
 static int packetsize;         /* packet size used by ping */
 static int spacketsize;                /* packet size used by sendto */
@@ -1707,7 +1708,7 @@ static void sockaddrtop( struct sockaddr * saddr, char * strptr, size_t len ) {
   switch ( saddr->sa_family ) {
   case AF_INET:
     sa4 = (struct sockaddr_in *) saddr;
-    strncpy( strptr, inet_ntoa( sa4->sin_addr ), len - 1 );
+    xstrncpy( strptr, inet_ntoa( sa4->sin_addr ), len - 1 );
     strptr[ len - 1 ] = '\0';
     return;
 #ifdef ENABLE_IPV6

diff --git a/split.c b/split.c
index 7917a3f1a38480e39dac4ef389cf8b589bcc0b3e..0df27c390cd81af916addcc417d26d0a37082597 100644 (file)
--- a/split.c
+++ b/split.c
@@ -34,6 +34,7 @@
 
 #include "net.h"
 #include "split.h"
+#include "utils.h"
 
 #ifdef HAVE_NCURSES
 # if defined(HAVE_NCURSES_H)
@@ -116,7 +117,7 @@ extern void split_redraw(struct mtr_ctl *ctl)
     } else {
       printf("%d %s\n", at+1, newLine);
       fflush(stdout);
-      strcpy(Lines[at], newLine);
+      xstrncpy(Lines[at], newLine, MAX_LINE_SIZE);
       if (LineCount < (at+1)) {
        LineCount = at+1;
       }
@@ -133,7 +134,7 @@ extern void split_open(void)
 #endif
   LineCount = -1;
   for (i=0; i<MAX_LINE_COUNT; i++) {
-    strcpy(Lines[i], "???");
+    xstrncpy(Lines[i], "???", MAX_LINE_SIZE);
   }
 }
 

diff --git a/utils.h b/utils.h
index 4afd41217cd729e45679ab2b0a6dfdf9bf8b2880..4a39fd055c863935fb94743d6a0738f490d25d15 100644 (file)
--- a/utils.h
+++ b/utils.h
@@ -25,3 +25,10 @@ enum {
 extern char *trim(char *s);
 extern int strtonum_or_err(const char *str, const char *errmesg, const int type);
 extern float strtofloat_or_err(const char *str, const char *errmesg);
+
+/* Like strncpy(3) but ensure null termination. */
+static inline void xstrncpy(char *dest, const char *src, size_t n)
+{
+  strncpy(dest, src, n - 1);
+  dest[n - 1] = 0;
+}