From: Donghwa Jeong <dh48.jeong@samsung.com>
Date: Wed, 20 Jun 2018 05:52:42 +0000 (+0900)
Subject: secure coding: strcat => strncat
X-Git-Tag: lxc-3.1.0~235^2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efed99a42b93f620ef43efde8c310c47f078c4a4;p=thirdparty%2Flxc.git

secure coding: strcat => strncat

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index f37e52635..2aff05300 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -856,8 +856,8 @@ static bool append_ttyname(char **pp, char *name)
 		return false;
 
 	*pp = p;
-	strcat(p, " ");
-	strcat(p, name);
+	strncat(p, " ", 1);
+	strncat(p, name, strlen(name));
 
 	return true;
 }
@@ -1788,9 +1788,10 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs,
 	return lxc_setup_ttydir_console(rootfs, console, ttydir);
 }
 
-static void parse_mntopt(char *opt, unsigned long *flags, char **data)
+static void parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size)
 {
 	struct mount_opt *mo;
+	size_t cursize;
 
 	/* If opt is found in mount_opt, set or clear flags.
 	 * Otherwise append it to data. */
@@ -1805,15 +1806,23 @@ static void parse_mntopt(char *opt, unsigned long *flags, char **data)
 		}
 	}
 
-	if (strlen(*data))
-		strcat(*data, ",");
-	strcat(*data, opt);
+	cursize = strlen(*data);
+	if (cursize)
+		cursize += 1;
+
+	if (size - cursize > 1) {
+		if (cursize)
+			strncat(*data, ",", 1);
+
+		strncat(*data, opt, size - cursize - 1);
+	}
 }
 
 int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 {
 	char *data, *p, *s;
 	char *saveptr = NULL;
+	size_t size;
 
 	*mntdata = NULL;
 	*mntflags = 0L;
@@ -1825,7 +1834,8 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 	if (!s)
 		return -1;
 
-	data = malloc(strlen(s) + 1);
+	size = strlen(s) + 1;
+	data = malloc(size);
 	if (!data) {
 		free(s);
 		return -1;
@@ -1833,7 +1843,7 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 	*data = 0;
 
 	for (; (p = strtok_r(s, ",", &saveptr)); s = NULL)
-		parse_mntopt(p, mntflags, &data);
+		parse_mntopt(p, mntflags, &data, size);
 
 	if (*data)
 		*mntdata = data;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 82ee093fd..593986510 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2060,10 +2060,11 @@ int append_unexp_config_line(const char *line, struct lxc_conf *conf)
 		conf->unexpanded_config = tmp;
 		conf->unexpanded_alloced += 1024;
 	}
-	strcat(conf->unexpanded_config, line);
+
+	strncat(conf->unexpanded_config, line, linelen);
 	conf->unexpanded_len += linelen;
 	if (line[linelen - 1] != '\n') {
-		strcat(conf->unexpanded_config, "\n");
+		strncat(conf->unexpanded_config, "\n", 1);
 		conf->unexpanded_len++;
 	}
 
diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 359da9223..0abcc286d 100644
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -1634,8 +1634,8 @@ static char *string_join(const char *sep, const char **parts, bool use_as_prefix
 
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}
 
 	return result;
diff --git a/src/lxc/pam/utils.c b/src/lxc/pam/utils.c
index 034f4ce3e..93643bbb1 100644
--- a/src/lxc/pam/utils.c
+++ b/src/lxc/pam/utils.c
@@ -77,10 +77,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);
 
diff --git a/src/lxc/tools/tool_utils.c b/src/lxc/tools/tool_utils.c
index e6ffb9748..594e9ae22 100644
--- a/src/lxc/tools/tool_utils.c
+++ b/src/lxc/tools/tool_utils.c
@@ -517,8 +517,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
 
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}
 
 	return result;
@@ -1079,10 +1079,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);
 
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 1319025a1..56e59af09 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -649,8 +649,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
 
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}
 
 	return result;
@@ -2318,10 +2318,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);
 
@@ -2339,16 +2341,14 @@ char *must_append_path(char *first, ...)
 	va_start(args, first);
 	while ((cur = va_arg(args, char *)) != NULL) {
 		full_len += strlen(cur);
-
 		if (cur[0] != '/')
 			full_len++;
 
 		dest = must_realloc(dest, full_len + 1);
 
 		if (cur[0] != '/')
-			strcat(dest, "/");
-
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);