From: Christian Brauner Date: Fri, 11 May 2018 10:58:11 +0000 (+0200) Subject: tree-wide: s/strncpy()/strlcpy()/g X-Git-Tag: lxc-2.0.10~144 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bfa1f5b3923a2ed884ee44ccbf2e36f8e375673;p=thirdparty%2Flxc.git tree-wide: s/strncpy()/strlcpy()/g Signed-off-by: Christian Brauner --- diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 6debb07f1..002f944ce 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -36,6 +36,10 @@ #include "log.h" #include "utils.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + lxc_log_define(lxc_af_unix, lxc); int lxc_abstract_unix_open(const char *path, int type, int flags) @@ -63,8 +67,9 @@ int lxc_abstract_unix_open(const char *path, int type, int flags) errno = ENAMETOOLONG; return -1; } - /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(&addr.sun_path[1], &path[1], len); + + /* do not enforce \0-termination */ + memcpy(&addr.sun_path[1], &path[1], len); ret = bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1); @@ -116,8 +121,9 @@ int lxc_abstract_unix_connect(const char *path) errno = ENAMETOOLONG; return -1; } - /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); + + /* do not enforce \0-termination */ + memcpy(&addr.sun_path[1], &path[1], len); ret = connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1); diff --git a/src/lxc/criu.c b/src/lxc/criu.c index 83d481323..f469239a5 100644 --- a/src/lxc/criu.c +++ b/src/lxc/criu.c @@ -51,6 +51,10 @@ #include #endif +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + #define CRIU_VERSION "2.0" #define CRIU_GITID_VERSION "2.0" @@ -535,6 +539,7 @@ static void exec_criu(struct criu_opts *opts) argv = m; lxc_list_for_each(it, &opts->c->lxc_conf->network) { + size_t retlen; char eth[128], *veth; char *fmt; struct lxc_netdev *n = it->elem; @@ -551,9 +556,9 @@ static void exec_criu(struct criu_opts *opts) } if (n->name[0] != '\0') { - if (strlen(n->name) >= sizeof(eth)) + retlen = strlcpy(eth, n->name, sizeof(eth)); + if (retlen >= sizeof(eth)) goto err; - strncpy(eth, n->name, sizeof(eth)); } else { ret = snprintf(eth, sizeof(eth), "eth%d", netnr); if (ret < 0 || ret >= sizeof(eth)) diff --git a/src/lxc/log.c b/src/lxc/log.c index e7e77ff85..6f3d2ecf9 100644 --- a/src/lxc/log.c +++ b/src/lxc/log.c @@ -43,6 +43,10 @@ #include "utils.h" #include "lxccontainer.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + /* We're logging in seconds and nanoseconds. Assuming that the underlying * datatype is currently at maximum a 64bit integer, we have a date string that * is of maximum length (2^64 - 1) * 2 = (21 + 21) = 42. @@ -575,8 +579,8 @@ extern const char *lxc_log_get_file(void) extern void lxc_log_set_prefix(const char *prefix) { - strncpy(log_prefix, prefix, sizeof(log_prefix)); - log_prefix[sizeof(log_prefix) - 1] = 0; + /* We don't care if thte prefix is truncated. */ + (void)strlcpy(log_prefix, prefix, sizeof(log_prefix)); } extern const char *lxc_log_get_prefix(void) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 5e5f2217e..0056a4287 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -87,6 +87,9 @@ #define MAX_BUFFER 4096 #define NOT_SUPPORTED_ERROR "the requested function %s is not currently supported with unprivileged containers" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif /* Define faccessat() if missing from the C library */ #ifndef HAVE_FACCESSAT @@ -701,7 +704,7 @@ static void push_arg(char ***argp, char *arg, int *nargs) static char **split_init_cmd(const char *incmd) { - size_t len; + size_t len, retlen; char *copy, *p; char **argv; int nargs = 0; @@ -712,8 +715,10 @@ static char **split_init_cmd(const char *incmd) len = strlen(incmd) + 1; copy = alloca(len); - strncpy(copy, incmd, len); - copy[len - 1] = '\0'; + retlen = strlcpy(copy, incmd, len); + if (retlen >= len) { + return NULL; + } do { argv = malloc(sizeof(char *)); diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c index acd8bfac8..91c4b4ee9 100644 --- a/src/lxc/monitor.c +++ b/src/lxc/monitor.c @@ -49,6 +49,10 @@ #include "state.h" #include "utils.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + lxc_log_define(lxc_monitor, lxc); /* routines used by monitor publishers (containers) */ @@ -131,9 +135,8 @@ void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxcpath) { struct lxc_msg msg = {.type = lxc_msg_state, .value = state}; - strncpy(msg.name, name, sizeof(msg.name)); - msg.name[sizeof(msg.name) - 1] = 0; + (void)strlcpy(msg.name, name, sizeof(msg.name)); lxc_monitor_fifo_send(&msg, lxcpath); } @@ -141,9 +144,8 @@ void lxc_monitor_send_exit_code(const char *name, int exit_code, const char *lxcpath) { struct lxc_msg msg = {.type = lxc_msg_exit_code, .value = exit_code}; - strncpy(msg.name, name, sizeof(msg.name)); - msg.name[sizeof(msg.name) - 1] = 0; + (void)strlcpy(msg.name, name, sizeof(msg.name)); lxc_monitor_fifo_send(&msg, lxcpath); } diff --git a/src/lxc/network.c b/src/lxc/network.c index af8a0ce5a..445127987 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -59,6 +59,10 @@ #include <../include/ifaddrs.h> #endif +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + #ifndef IFLA_LINKMODE #define IFLA_LINKMODE 17 #endif @@ -1815,7 +1819,8 @@ static int lxc_ovs_attach_bridge(const char *bridge, const char *nic) int lxc_bridge_attach(const char *bridge, const char *ifname) { - int fd, index, err; + int err, fd, index; + size_t retlen; struct ifreq ifr; if (strlen(ifname) >= IFNAMSIZ) @@ -1832,8 +1837,10 @@ int lxc_bridge_attach(const char *bridge, const char *ifname) if (fd < 0) return -errno; - strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1); - ifr.ifr_name[IFNAMSIZ-1] = '\0'; + retlen = strlcpy(ifr.ifr_name, bridge, IFNAMSIZ); + if (retlen >= IFNAMSIZ) + return -E2BIG; + ifr.ifr_ifindex = index; err = ioctl(fd, SIOCBRADDIF, &ifr); close(fd); @@ -2032,6 +2039,7 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna if (child == 0) { int ret; + size_t retlen; char pidstr[LXC_NUMSTRLEN64]; close(pipefd[0]); @@ -2046,9 +2054,13 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna } if (netdev->link[0] != '\0') - strncpy(netdev_link, netdev->link, IFNAMSIZ - 1); + retlen = strlcpy(netdev_link, netdev->link, IFNAMSIZ); else - strncpy(netdev_link, "none", IFNAMSIZ - 1); + retlen = strlcpy(netdev_link, "none", IFNAMSIZ); + if (retlen >= IFNAMSIZ) { + SYSERROR("Invalid network device name"); + _exit(EXIT_FAILURE); + } ret = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", pid); if (ret < 0 || ret >= LXC_NUMSTRLEN64) diff --git a/src/lxc/start.c b/src/lxc/start.c index 4498a702a..014602bb6 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -82,6 +82,10 @@ #include "storage/storage.h" #include "storage/storage_utils.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + lxc_log_define(lxc_start, lxc); extern void mod_all_rdeps(struct lxc_container *c, bool inc); @@ -377,6 +381,7 @@ static int signal_handler(int fd, uint32_t events, void *data, int lxc_serve_state_clients(const char *name, struct lxc_handler *handler, lxc_state_t state) { + size_t retlen; ssize_t ret; struct lxc_list *cur, *next; struct state_client *client; @@ -394,8 +399,9 @@ int lxc_serve_state_clients(const char *name, struct lxc_handler *handler, return 0; } - strncpy(msg.name, name, sizeof(msg.name)); - msg.name[sizeof(msg.name) - 1] = 0; + retlen = strlcpy(msg.name, name, sizeof(msg.name)); + if (retlen >= sizeof(msg.name)) + return -E2BIG; lxc_list_for_each_safe(cur, &handler->state_clients, next) { client = cur->elem; diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c index bbfc9c8fe..592ead91c 100644 --- a/src/lxc/storage/btrfs.c +++ b/src/lxc/storage/btrfs.c @@ -41,6 +41,10 @@ #include "storage.h" #include "utils.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + lxc_log_define(btrfs, lxc); /* defined in lxccontainer.c: needs to become common helper */ @@ -220,38 +224,46 @@ int btrfs_umount(struct lxc_storage *bdev) static int btrfs_subvolume_create(const char *path) { - int ret, fd = -1; - struct btrfs_ioctl_vol_args args; - char *p, *newfull = strdup(path); + int ret, saved_errno; + size_t retlen; + struct btrfs_ioctl_vol_args args; + char *p, *newfull; + int fd = -1; + newfull = strdup(path); if (!newfull) { - ERROR("Error: out of memory"); - return -1; + errno = ENOMEM; + return -ENOMEM; } p = strrchr(newfull, '/'); if (!p) { - ERROR("bad path: %s", path); free(newfull); - return -1; + errno = EINVAL; + return -EINVAL; } *p = '\0'; fd = open(newfull, O_RDONLY); if (fd < 0) { - ERROR("Error opening %s", newfull); free(newfull); - return -1; + return -errno; } memset(&args, 0, sizeof(args)); - strncpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX); - args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0; + retlen = strlcpy(args.name, p + 1, BTRFS_SUBVOL_NAME_MAX); + if (retlen >= BTRFS_SUBVOL_NAME_MAX) { + free(newfull); + close(fd); + return -E2BIG; + } + ret = ioctl(fd, BTRFS_IOC_SUBVOL_CREATE, &args); - INFO("btrfs: snapshot create ioctl returned %d", ret); + saved_errno = errno; - free(newfull); close(fd); + free(newfull); + errno = saved_errno; return ret; } @@ -298,9 +310,11 @@ out: int btrfs_snapshot(const char *orig, const char *new) { - int fd = -1, fddst = -1, ret = -1; - struct btrfs_ioctl_vol_args_v2 args; - char *newdir, *newname, *newfull = NULL; + int fd, fddst, ret; + size_t retlen; + struct btrfs_ioctl_vol_args_v2 args; + char *newdir, *newname; + char *newfull = NULL; newfull = strdup(new); if (!newfull) { @@ -326,9 +340,10 @@ int btrfs_snapshot(const char *orig, const char *new) } memset(&args, 0, sizeof(args)); - args.fd = fd; - strncpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX); - args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0; + retlen = strlcpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX); + if (retlen >= BTRFS_SUBVOL_NAME_MAX) + goto out; + ret = ioctl(fddst, BTRFS_IOC_SNAP_CREATE_V2, &args); INFO("btrfs: snapshot create ioctl returned %d", ret); @@ -412,6 +427,7 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, static int btrfs_do_destroy_subvol(const char *path) { int ret, fd = -1; + size_t retlen; struct btrfs_ioctl_vol_args args; char *p, *newfull = strdup(path); @@ -436,8 +452,12 @@ static int btrfs_do_destroy_subvol(const char *path) } memset(&args, 0, sizeof(args)); - strncpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX); - args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0; + retlen = strlcpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX); + if (retlen >= BTRFS_SUBVOL_NAME_MAX) { + free(newfull); + return -E2BIG; + } + ret = ioctl(fd, BTRFS_IOC_SNAP_DESTROY, &args); INFO("btrfs: snapshot destroy ioctl returned %d for %s", ret, path); if (ret < 0 && errno == EPERM) @@ -491,21 +511,25 @@ static bool update_tree_node(struct mytree_node *n, u64 id, u64 parent, { if (id) n->objid = id; + if (parent) n->parentid = parent; + if (name) { n->name = malloc(name_len + 1); if (!n->name) return false; - strncpy(n->name, name, name_len); - n->name[name_len] = '\0'; + + strcpy(n->name, name); } + if (dirname) { n->dirname = malloc(strlen(dirname) + 1); if (!n->dirname) { free(n->name); return false; } + strcpy(n->dirname, dirname); } return true; diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c index 0ebd025c3..01e71ed05 100644 --- a/src/lxc/storage/storage_utils.c +++ b/src/lxc/storage/storage_utils.c @@ -46,6 +46,10 @@ #include "storage_utils.h" #include "utils.h" +#ifndef HAVE_STRLCPY +#include "include/strlcpy.h" +#endif + #ifndef BLKGETSIZE64 #define BLKGETSIZE64 _IOR(0x12, 114, size_t) #endif @@ -85,13 +89,23 @@ char *dir_new_path(char *src, const char *oldname, const char *name, } while ((p2 = strstr(src, oldname)) != NULL) { - strncpy(p, src, p2 - src); // copy text up to oldname - p += p2 - src; // move target pointer (p) - p += sprintf(p, "%s", - name); // print new name in place of oldname - src = p2 + l2; // move src to end of oldname + size_t retlen; + + /* copy text up to oldname */ + retlen = strlcpy(p, src, p2 - src); + if (retlen >= p2 - src) + return NULL; + + /* move target pointer (p) */ + p += p2 - src; + /* print new name in place of oldname */ + p += sprintf(p, "%s", name); + /* move src to end of oldname */ + src = p2 + l2; } - sprintf(p, "%s", src); // copy the rest of src + + /* copy the rest of src */ + sprintf(p, "%s", src); return ret; }