From: Donghwa Jeong <dh48.jeong@samsung.com>
Date: Wed, 20 Jun 2018 09:34:24 +0000 (+0900)
Subject: secure coding: cgfsng: strncat, strlcpy
X-Git-Tag: lxc-3.1.0~235^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64e82f8b3a2b70ec88b1d5f41325886b911cfcf1;p=thirdparty%2Flxc.git

secure coding: cgfsng: strncat, strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 5eefd3f9a..2540bd811 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -58,6 +58,10 @@
 #include "storage/storage.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(lxc_cgfsng, lxc);
 
 static void free_string_list(char **clist)
@@ -1195,19 +1199,23 @@ static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
 	 * some thinking.
 	 */
 	for (it = h->controllers; it && *it; it++) {
-                full_len += strlen(*it) + 2;
-                add_controllers = must_realloc(add_controllers, full_len + 1);
-                if (h->controllers[0] == *it)
-                        add_controllers[0] = '\0';
-                strcat(add_controllers, "+");
-                strcat(add_controllers, *it);
-                if ((it + 1) && *(it + 1))
-                        strcat(add_controllers, " ");
+		full_len += strlen(*it) + 2;
+		add_controllers = must_realloc(add_controllers, full_len + 1);
+
+		if (h->controllers[0] == *it)
+			add_controllers[0] = '\0';
+
+		strncat(add_controllers, "+", 1);
+		strncat(add_controllers, *it, strlen(*it));
+
+		if ((it + 1) && *(it + 1))
+			strncat(add_controllers, " ", 1);
 	}
 
 	parts = lxc_string_split(cgname, '/');
 	if (!parts)
 		goto on_error;
+
 	parts_len = lxc_array_len((void **)parts);
 	if (parts_len > 0)
 		parts_len--;
@@ -1301,9 +1309,10 @@ static inline bool cgfsng_create(struct cgroup_ops *ops,
 		ERROR("Failed expanding cgroup name pattern");
 		return false;
 	}
+
 	len = strlen(tmp) + 5; /* leave room for -NNN\0 */
 	container_cgroup = must_alloc(len);
-	strcpy(container_cgroup, tmp);
+	(void)strlcpy(container_cgroup, tmp, len);
 	free(tmp);
 	offset = container_cgroup + len - 5;
 
@@ -1942,7 +1951,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
 		if (ret < 0 && errno != EEXIST)
 			goto on_error;
 
-		strcat(full_path, "/cgroup.procs");
+		strncat(full_path, "/cgroup.procs", strlen("/cgroup.procs"));
 		ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
 		if (ret == 0)
 			goto on_success;
@@ -2022,7 +2031,8 @@ static int cgfsng_get(struct cgroup_ops *ops, const char *filename, char *value,
 
 	controller_len = strlen(filename);
 	controller = alloca(controller_len + 1);
-	strcpy(controller, filename);
+	(void)strlcpy(controller, filename, controller_len + 1);
+
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';
@@ -2059,7 +2069,8 @@ static int cgfsng_set(struct cgroup_ops *ops, const char *filename,
 
 	controller_len = strlen(filename);
 	controller = alloca(controller_len + 1);
-	strcpy(controller, filename);
+	(void)strlcpy(controller, filename, controller_len + 1);
+
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';
@@ -2176,7 +2187,8 @@ static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename,
 
 	len = strlen(filename);
 	controller = alloca(len + 1);
-	strcpy(controller, filename);
+	(void)strlcpy(controller, filename, len + 1);
+
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';