From: Viktor Szakats Date: Mon, 17 Nov 2025 22:49:15 +0000 (+0100) Subject: lib: replace `_tcsncpy`/`wcsncpy`/`wcscpy` with `_s` counterparts (Windows) X-Git-Tag: rc-8_18_0-1~198 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eaa7651374898cef89e5783b0219bdffcc0eb60e;p=thirdparty%2Fcurl.git lib: replace `_tcsncpy`/`wcsncpy`/`wcscpy` with `_s` counterparts (Windows) Replace: - curl_sspi: macro `_tcsncpy()` with `_tcsncpy_s()`. - curlx/fopen: `wcsncpy()` with `wcsncpy_s()`. - curlx/fopen: `wcscpy()` with `wcscpy_s()`. Use of the pre-existing functions was safe. This patch aims to use the recommended Windows CRT functions. Handle errors returned by them. Also to avoid the compiler warnings silenced via `_CRT_SECURE_NO_WARNINGS`: ``` lib/curl_sspi.c(152): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(161): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(162): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(174): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(175): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
``` Refs: https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-strncpy-l-wcsncpy-wcsncpy-l-mbsncpy-mbsncpy-l https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l https://learn.microsoft.com/cpp/c-runtime-library/security-features-in-the-crt Cherry-picked from #19581 (in part) Closes #19589
---
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 0df96d5efd..05e6149f61 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -98,7 +98,7 @@
 #define _CRT_SECURE_NO_WARNINGS /* for __sys_errlist, __sys_nerr, _open(), _wfopen(), _wopen(), fopen(), freopen(), getenv(), gmtime(), mbstowcs(), sprintf(),
- strcpy(), wcscpy(), wcsncpy(), wcstombs(),
+ strcpy(), wcstombs(),
 in tests: localtime(), open(), sscanf() */
 #endif
 #endif /* _MSC_VER */
diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c
index 32b4c894d6..369cf18967 100644
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -149,8 +149,11 @@ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
 curlx_unicodefree(useranddomain.tchar_ptr);
 return CURLE_OUT_OF_MEMORY;
 }
- _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
- *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+ if(_tcsncpy_s(dup_domain.tchar_ptr, domlen + 1, domain.tchar_ptr, domlen)) {
+ curlx_unicodefree(dup_domain.tchar_ptr);
+ curlx_unicodefree(useranddomain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
 identity->Domain = dup_domain.tbyte_ptr;
 identity->DomainLength = curlx_uztoul(domlen);
 dup_domain.tchar_ptr = NULL;
diff --git a/lib/curlx/fopen.c b/lib/curlx/fopen.c
index 333eff7de7..f330753162 100644
--- a/lib/curlx/fopen.c
+++ b/lib/curlx/fopen.c
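Review bot: In lib/curl_sspi.c the branch added after `_tcsncpy_s()` carries no comment on when it can run, and as the Microsoft CRT documents these functions, a failing `_s` copy first invokes the invalid-parameter handler, whose default terminates the process, so the branch is reached only if the host application installed a handler that returns. A comment above the call would make that explicit, e.g. `/* on failure the CRT invalid-parameter handler runs first; this branch is reached only when the application's handler returns */`. The branch also returns `CURLE_OUT_OF_MEMORY` although no allocation failed at that point, which will mislead whoever triages the resulting error; the same comment should say the code is reused deliberately. The same applies to the `wcsncpy_s()`/`wcscpy_s()` checks in lib/curlx/fopen.c. Curl_create_sspi_identity begins and ends outside the hunk.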
@@ -158,8 +158,14 @@ static bool fix_excessive_path(const TCHAR *in, TCHAR **out)
 if(!temp)
 goto cleanup;
- wcsncpy(temp, L"\\\\?\\UNC\\", 8);
- wcscpy(temp + 8, fbuf + 2);
+ if(wcsncpy_s(temp, needed, L"\\\\?\\UNC\\", 8)) {
+ (free)(temp);
+ goto cleanup;
+ }
+ if(wcscpy_s(temp + 8, needed, fbuf + 2)) {
+ (free)(temp);
+ goto cleanup;
+ }
 }
 else {
 /* "\\?\" + full path + null */
@@ -171,8 +177,14 @@ static bool fix_excessive_path(const TCHAR *in, TCHAR **out)
 if(!temp)
 goto cleanup;
- wcsncpy(temp, L"\\\\?\\", 4);
- wcscpy(temp + 4, fbuf);
+ if(wcsncpy_s(temp, needed, L"\\\\?\\", 4)) {
+ (free)(temp);
+ goto cleanup;
+ }
+ if(wcscpy_s(temp + 4, needed, fbuf)) {
+ (free)(temp);
+ goto cleanup;
+ }
 }
 (free)(fbuf);
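Review bot: In both lib/curlx/fopen.c hunks the second copy passes the full `needed` as the destination size although the destination pointer is already offset: `wcscpy_s(temp + 8, needed, fbuf + 2)` in the UNC branch and `wcscpy_s(temp + 4, needed, fbuf)` in the other. Assuming `needed` is the element count allocated for `temp` (the allocation is above each hunk and not visible here), the size check is 8 or 4 elements too generous, so it no longer bounds the write to the allocation, and the debug CRT, which is documented to fill the destination up to the stated size, would write past the end of the buffer. Pass the remaining capacity instead: `wcscpy_s(temp + 8, needed - 8, fbuf + 2)` and `wcscpy_s(temp + 4, needed - 4, fbuf)`. fix_excessive_path starts before the first hunk and continues after the second.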