From: Viktor Szakats Date: Tue, 23 Dec 2025 10:59:59 +0000 (+0100) Subject: tests: replace `strcpy()` with `curlx_strcopy()` X-Git-Tag: rc-8_18_0-3~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=436e67f65b9dee1e80aa063c39450f0d1df6ac72;p=thirdparty%2Fcurl.git tests: replace `strcpy()` with `curlx_strcopy()` Also: - examples/hsts-preload: apply the same change as it's based on lib1915 in tests. Make a local clone of `curlx_strcopy()`. Then drop the `_CRT_SECURE_NO_WARNINGS` hack, that's no longer necessary. - curl_setup.h: delete `strcpy()` from the `_CRT_SECURE_NO_WARNINGS` list. Closes #20076 --- diff --git a/docs/examples/hsts-preload.c b/docs/examples/hsts-preload.c index 9ae1ff5b0f..8e73b79cda 100644 --- a/docs/examples/hsts-preload.c +++ b/docs/examples/hsts-preload.c @@ -25,12 +25,6 @@ * Preload domains to HSTS * */ -#ifdef _MSC_VER -#ifndef _CRT_SECURE_NO_WARNINGS -#define _CRT_SECURE_NO_WARNINGS /* for strcpy() */ -#endif -#endif - #include #include @@ -51,6 +45,16 @@ struct state { int index; }; +static void strcopy(char *dest, size_t dsize, const char *src, size_t slen) +{ + if(slen < dsize) { + memcpy(dest, src, slen); + dest[slen] = 0; + } + else if(dsize) + dest[0] = 0; +} + /* "read" is from the point of the library, it wants data from us. One domain entry per invoke. */ static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp) @@ -62,10 +66,10 @@ static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp) host = preload_hosts[s->index].name; expire = preload_hosts[s->index++].exp; - if(host && (strlen(host) < e->namelen)) { - strcpy(e->name, host); + if(host) { + strcopy(e->name, e->namelen, host, strlen(host)); e->includeSubDomains = 0; - strcpy(e->expire, expire); + strcopy(e->expire, sizeof(e->expire), expire, strlen(expire)); fprintf(stderr, "HSTS preload '%s' until '%s'\n", host, expire); } else diff --git a/lib/curl_setup.h b/lib/curl_setup.h index e3903f475a..9027e30dcf 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -94,7 +94,7 @@ #define _CRT_NONSTDC_NO_DEPRECATE /* for close(), fileno(), unlink(), etc. */ #endif #ifndef _CRT_SECURE_NO_WARNINGS -#define _CRT_SECURE_NO_WARNINGS /* for getenv(), strcpy(), tests: sscanf() */ +#define _CRT_SECURE_NO_WARNINGS /* for getenv(), tests: sscanf() */ #endif #endif /* _MSC_VER */ diff --git a/tests/libtest/lib1901.c b/tests/libtest/lib1901.c index 638e012b5d..ba88719b0a 100644 --- a/tests/libtest/lib1901.c +++ b/tests/libtest/lib1901.c @@ -33,12 +33,11 @@ static size_t t1901_read_cb(char *ptr, size_t size, size_t nmemb, void *stream) NULL }; static int ix = 0; - (void)size; (void)nmemb; (void)stream; if(chunks[ix]) { size_t len = strlen(chunks[ix]); - strcpy(ptr, chunks[ix]); + curlx_strcopy(ptr, size * nmemb, chunks[ix], len); ix++; return len; } diff --git a/tests/libtest/lib1915.c b/tests/libtest/lib1915.c index 6a5be3874a..393d6edcb7 100644 --- a/tests/libtest/lib1915.c +++ b/tests/libtest/lib1915.c @@ -58,10 +58,10 @@ static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp) host = preload_hosts[s->index].name; expire = preload_hosts[s->index++].exp; - if(host && (strlen(host) < e->namelen)) { - strcpy(e->name, host); + if(host) { + curlx_strcopy(e->name, e->namelen, host, strlen(host)); e->includeSubDomains = FALSE; - strcpy(e->expire, expire); + curlx_strcopy(e->expire, sizeof(e->expire), expire, strlen(expire)); curl_mfprintf(stderr, "add '%s'\n", host); } else diff --git a/tests/libtest/lib544.c b/tests/libtest/lib544.c index 4740911666..6ceac095d7 100644 --- a/tests/libtest/lib544.c +++ b/tests/libtest/lib544.c @@ -63,7 +63,7 @@ static CURLcode test_lib544(const char *URL) test_setopt(curl, CURLOPT_HEADER, 1L); /* include header */ /* Update the original data to detect non-copy. */ - strcpy(teststring, "FAIL"); + curlx_strcopy(teststring, sizeof(teststring), "FAIL", strlen("FAIL")); { CURL *curl2; diff --git a/tests/server/getpart.c b/tests/server/getpart.c index d76368e016..94e4b202e0 100644 --- a/tests/server/getpart.c +++ b/tests/server/getpart.c @@ -391,19 +391,19 @@ int getpart(char **outbuf, size_t *outlen, if(STATE_OUTSIDE == state) { /* outermost element () */ - strcpy(curouter, ptag); + curlx_strcopy(curouter, sizeof(curouter), ptag, strlen(ptag)); state = STATE_OUTER; continue; } else if(STATE_OUTER == state) { /* start of a main section */ - strcpy(curmain, ptag); + curlx_strcopy(curmain, sizeof(curmain), ptag, strlen(ptag)); state = STATE_INMAIN; continue; } else if(STATE_INMAIN == state) { /* start of a sub section */ - strcpy(cursub, ptag); + curlx_strcopy(cursub, sizeof(cursub), ptag, strlen(ptag)); state = STATE_INSUB; if(!strcmp(curmain, main) && !strcmp(cursub, sub)) { /* start of wanted part */ diff --git a/tests/server/socksd.c b/tests/server/socksd.c index fdde648d3d..556fb47c62 100644 --- a/tests/server/socksd.c +++ b/tests/server/socksd.c @@ -101,9 +101,12 @@ static void socksd_resetdefaults(void) s_config.reqcmd = CONFIG_REQCMD; s_config.connectrep = CONFIG_CONNECTREP; s_config.port = CONFIG_PORT; - strcpy(s_config.addr, CONFIG_ADDR); - strcpy(s_config.user, "user"); - strcpy(s_config.password, "password"); + curlx_strcopy(s_config.addr, sizeof(s_config.addr), + CONFIG_ADDR, strlen(CONFIG_ADDR)); + curlx_strcopy(s_config.user, sizeof(s_config.user), + "user", strlen("user")); + curlx_strcopy(s_config.password, sizeof(s_config.password), + "password", strlen("password")); } static void socksd_getconfig(void) @@ -141,7 +144,8 @@ static void socksd_getconfig(void) } } else if(!strcmp(key, "backend")) { - strcpy(s_config.addr, value); + curlx_strcopy(s_config.addr, sizeof(s_config.addr), + value, strlen(value)); logmsg("backend [%s] set", s_config.addr); } else if(!strcmp(key, "backendport")) { @@ -152,11 +156,13 @@ static void socksd_getconfig(void) } } else if(!strcmp(key, "user")) { - strcpy(s_config.user, value); + curlx_strcopy(s_config.user, sizeof(s_config.user), + value, strlen(value)); logmsg("user [%s] set", s_config.user); } else if(!strcmp(key, "password")) { - strcpy(s_config.password, value); + curlx_strcopy(s_config.password, sizeof(s_config.password), + value, strlen(value)); logmsg("password [%s] set", s_config.password); } /* Methods: diff --git a/tests/server/util.c b/tests/server/util.c index 529ead7b86..276c54dba5 100644 --- a/tests/server/util.c +++ b/tests/server/util.c @@ -694,7 +694,7 @@ int bind_unix_socket(curl_socket_t sock, const char *unix_socket, logmsg("Too long unix socket domain path (%zd)", len); return -1; } - strcpy(sau->sun_path, unix_socket); + curlx_strcopy(sau->sun_path, sizeof(sau->sun_path), unix_socket, len); rc = bind(sock, (struct sockaddr *)sau, sizeof(struct sockaddr_un)); if(rc && SOCKERRNO == SOCKEADDRINUSE) { struct_stat statbuf; diff --git a/tests/unit/unit3205.c b/tests/unit/unit3205.c index df0ea7f8dd..f4d9ab82da 100644 --- a/tests/unit/unit3205.c +++ b/tests/unit/unit3205.c @@ -560,10 +560,14 @@ static CURLcode test_unit3205(const char *arg) /* suites matched by EDH alias will return the DHE name */ if(test->id >= 0x0011 && test->id < 0x0017) { - if(expect && memcmp(expect, "EDH-", 4) == 0) - expect = (char *)memcpy(strcpy(alt, expect), "DHE-", 4); - if(expect && memcmp(expect + 4, "EDH-", 4) == 0) - expect = (char *)memcpy(strcpy(alt, expect) + 4, "DHE-", 4) - 4; + if(expect && memcmp(expect, "EDH-", 4) == 0) { + curlx_strcopy(alt, sizeof(alt), expect, strlen(expect)); + expect = (char *)memcpy(alt, "DHE-", 4); + } + if(expect && memcmp(expect + 4, "EDH-", 4) == 0) { + curlx_strcopy(alt, sizeof(alt), expect, strlen(expect)); + expect = (char *)memcpy(alt + 4, "DHE-", 4) - 4; + } } if(expect && strcmp(buf, expect) != 0) {