[lxc-devel] [lxc/master] secure coding: strcpy => strlcpy
2xsec on Github
lxc-bot at linuxcontainers.org
Mon Jun 18 02:34:38 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 400 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180618/1cd6a7d6/attachment.bin>
-------------- next part --------------
From cbb9c7c763f77f8ba9e8ab5745fe624ae0ca3b7b Mon Sep 17 00:00:00 2001
From: Donghwa Jeong <dh48.jeong at samsung.com>
Date: Mon, 18 Jun 2018 11:30:41 +0900
Subject: [PATCH] secure coding: strcpy => strlcpy
Signed-off-by: Donghwa Jeong <dh48.jeong at samsung.com>
---
src/lxc/criu.c | 2 +-
src/lxc/lxccontainer.c | 10 +++++++---
src/lxc/start.c | 4 +++-
src/lxc/storage/btrfs.c | 13 ++++++++-----
4 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 155e69f86..9ccd9b2e5 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -923,7 +923,7 @@ static bool restore_net_info(struct lxc_container *c)
if (!lxc_mkifname(template))
goto out_unlock;
- strcpy(netdev->priv.veth_attr.veth1, template);
+ (void)strlcpy(netdev->priv.veth_attr.veth1, template, IFNAMSIZ);
}
}
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index f2a29acf8..e34fdecf2 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1192,7 +1192,8 @@ static int do_create_container_dir(const char *path, struct lxc_conf *conf)
len = strlen(path);
p = alloca(len + 1);
- strcpy(p, path);
+ (void)strlcpy(p, path, len + 1);
+
if (!lxc_list_empty(&conf->id_map)) {
ret = chown_mapped_root(p, conf);
if (ret < 0)
@@ -4777,6 +4778,7 @@ static int lxcapi_attach_run_waitl(struct lxc_container *c, lxc_attach_options_t
struct lxc_container *lxc_container_new(const char *name, const char *configpath)
{
struct lxc_container *c;
+ size_t len;
if (!name)
return NULL;
@@ -4799,12 +4801,14 @@ struct lxc_container *lxc_container_new(const char *name, const char *configpath
}
remove_trailing_slashes(c->config_path);
- c->name = malloc(strlen(name)+1);
+
+ len = strlen(name);
+ c->name = malloc(len + 1);
if (!c->name) {
fprintf(stderr, "Failed to allocate memory for %s\n", name);
goto err;
}
- strcpy(c->name, name);
+ (void)strlcpy(c->name, name, len + 1);
c->numthreads = 1;
c->slock = lxc_newlock(c->config_path, name);
diff --git a/src/lxc/start.c b/src/lxc/start.c
index abddd16c7..2dae6652a 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -110,9 +110,11 @@ static void print_top_failing_dir(const char *path)
len = strlen(path);
copy = alloca(len + 1);
- strcpy(copy, path);
+ (void)strlcpy(copy, path, len + 1);
+
p = copy;
e = copy + len;
+
while (p < e) {
while (p < e && *p == '/')
p++;
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index f22c41747..3458b1f65 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -88,8 +88,8 @@ char *get_btrfs_subvol_path(int fd, u64 dir_id, u64 objid, char *name,
retpath = malloc(len);
if (!retpath)
return NULL;
- strcpy(retpath, args.name);
- strcat(retpath, "/");
+ (void)strlcpy(retpath, args.name, len);
+ strncat(retpath, "/", 1);
strncat(retpath, name, name_len);
} else {
/* we're at the root of ref_tree */
@@ -602,17 +602,20 @@ static bool update_tree_node(struct mytree_node *n, u64 id, u64 parent,
if (!n->name)
return false;
- strcpy(n->name, name);
+ (void)strlcpy(n->name, name, name_len + 1);
}
if (dirname) {
- n->dirname = malloc(strlen(dirname) + 1);
+ size_t len;
+
+ len = strlen(dirname);
+ n->dirname = malloc(len + 1);
if (!n->dirname) {
free(n->name);
return false;
}
- strcpy(n->dirname, dirname);
+ (void)strlcpy(n->dirname, dirname, len + 1);
}
return true;
}
More information about the lxc-devel
mailing list