[lxc-devel] [lxc/master] secure coding: #2 strcpy => strlcpy
2xsec on Github
lxc-bot at linuxcontainers.org
Mon Jun 18 08:41:48 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 414 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180618/694b5cb6/attachment.bin>
-------------- next part --------------
From 43f984ea59ad25c1b5bb692ce9997160e75f37c5 Mon Sep 17 00:00:00 2001
From: Donghwa Jeong <dh48.jeong at samsung.com>
Date: Mon, 18 Jun 2018 17:18:14 +0900
Subject: [PATCH] secure coding: #2 strcpy => strlcpy
Signed-off-by: Donghwa Jeong <dh48.jeong at samsung.com>
---
src/lxc/cmd/lxc_user_nic.c | 10 ++++++++--
src/lxc/confile.c | 6 +++++-
src/lxc/initutils.c | 13 ++++++++++---
src/lxc/pam/pam_cgfs.c | 7 ++++++-
src/lxc/storage/nbd.c | 12 ++++++++++--
src/lxc/storage/rbd.c | 11 +++++++++--
src/lxc/storage/storage.c | 11 +++++++++--
src/lxc/tools/tool_utils.c | 21 ++++++++++++++++-----
src/lxc/utils.c | 28 +++++++++++++++++++++-------
9 files changed, 94 insertions(+), 25 deletions(-)
diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index 8ec6045b9..ec9cd97e0 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -51,6 +51,10 @@
#include "parse.h"
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
#define usernic_debug_stream(stream, format, ...) \
do { \
fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__, \
@@ -829,9 +833,11 @@ static bool create_db_dir(char *fnam)
{
int ret;
char *p;
+ size_t len;
- p = alloca(strlen(fnam) + 1);
- strcpy(p, fnam);
+ len = strlen(fnam);
+ p = alloca(len + 1);
+ (void)strlcpy(p, fnam, len + 1);
fnam = p;
p = p + 1;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 5227c70c5..d019c8984 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -65,6 +65,10 @@
#include <sys/personality.h>
#endif
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
lxc_log_define(lxc_confile, lxc);
#define lxc_config_define(name) \
@@ -2195,7 +2199,7 @@ static int set_config_uts_name(const char *key, const char *value,
return -1;
}
- strcpy(utsname->nodename, value);
+ (void)strlcpy(utsname->nodename, value, sizeof(utsname->nodename));
free(lxc_conf->utsname);
lxc_conf->utsname = utsname;
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
index 56926fb5f..b95bffdfe 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -26,6 +26,10 @@
#include "initutils.h"
#include "log.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
lxc_log_define(lxc_initutils, lxc);
static char *copy_global_config_value(char *p)
@@ -35,14 +39,17 @@ static char *copy_global_config_value(char *p)
if (len < 1)
return NULL;
+
if (p[len-1] == '\n') {
p[len-1] = '\0';
len--;
}
- retbuf = malloc(len+1);
+
+ retbuf = malloc(len + 1);
if (!retbuf)
return NULL;
- strcpy(retbuf, p);
+
+ (void)strlcpy(retbuf, p, len + 1);
return retbuf;
}
@@ -355,7 +362,7 @@ int setproctitle(char *title)
ret = prctl(PR_SET_MM, PR_SET_MM_MAP, (long) &prctl_map, sizeof(prctl_map), 0);
if (ret == 0)
- strcpy((char*)arg_start, title);
+ (void)strlcpy((char*)arg_start, title, len);
else
INFO("setting cmdline failed - %s", strerror(errno));
diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 8e7404400..359da9223 100644
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -59,6 +59,10 @@
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
#define pam_cgfs_debug_stream(stream, format, ...) \
do { \
fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__, \
@@ -1626,7 +1630,8 @@ static char *string_join(const char *sep, const char **parts, bool use_as_prefix
return NULL;
if (use_as_prefix)
- strcpy(result, sep);
+ (void)strlcpy(result, sep, (result_len + 1) * sizeof(char));
+
for (p = (char **)parts; *p; p++) {
if (p > (char **)parts)
strcat(result, sep);
diff --git a/src/lxc/storage/nbd.c b/src/lxc/storage/nbd.c
index 5262e4e1f..9f92ecc9b 100644
--- a/src/lxc/storage/nbd.c
+++ b/src/lxc/storage/nbd.c
@@ -37,6 +37,10 @@
#include "storage_utils.h"
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
lxc_log_define(nbd, lxc);
struct nbd_attach_data {
@@ -53,10 +57,14 @@ static bool wait_for_partition(const char *path);
bool attach_nbd(char *src, struct lxc_conf *conf)
{
- char *orig = alloca(strlen(src)+1), *p, path[50];
+ char *orig, *p, path[50];
int i = 0;
+ size_t len;
+
+ len = strlen(src);
+ orig = alloca(len + 1);
+ (void)strlcpy(orig, src, len + 1);
- strcpy(orig, src);
/* if path is followed by a partition, drop that for now */
p = strchr(orig, ':');
if (p)
diff --git a/src/lxc/storage/rbd.c b/src/lxc/storage/rbd.c
index 570de53da..10ad892a0 100644
--- a/src/lxc/storage/rbd.c
+++ b/src/lxc/storage/rbd.c
@@ -34,6 +34,10 @@
#include "storage_utils.h"
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
lxc_log_define(rbd, lxc);
struct rbd_args {
@@ -193,6 +197,7 @@ int rbd_destroy(struct lxc_storage *orig)
char *rbdfullname;
char cmd_output[MAXPATHLEN];
struct rbd_args args = {0};
+ size_t len;
src = lxc_storage_get_path(orig->src, orig->type);
if (file_exists(src)) {
@@ -206,9 +211,11 @@ int rbd_destroy(struct lxc_storage *orig)
}
}
- rbdfullname = alloca(strlen(src) - 8);
- strcpy(rbdfullname, &src[9]);
+ len = strlen(src);
+ rbdfullname = alloca(len - 8);
+ (void)strlcpy(rbdfullname, &src[9], len - 8);
args.rbd_name = rbdfullname;
+
ret = run_command(cmd_output, sizeof(cmd_output),
rbd_delete_wrapper, (void *)&args);
if (ret < 0) {
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index cac085846..95e664800 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -60,6 +60,10 @@
#include "utils.h"
#include "zfs.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
#ifndef BLKGETSIZE64
#define BLKGETSIZE64 _IOR(0x12, 114, size_t)
#endif
@@ -564,9 +568,12 @@ struct lxc_storage *storage_create(const char *dest, const char *type,
if (strchr(type, ',')) {
char *dup, *token;
char *saveptr = NULL;
+ size_t len;
+
+ len = strlen(type);
+ dup = alloca(len + 1);
+ (void)strlcpy(dup, type, len + 1);
- dup = alloca(strlen(type) + 1);
- strcpy(dup, type);
for (token = strtok_r(dup, ",", &saveptr); token;
token = strtok_r(NULL, ",", &saveptr)) {
bdev = do_storage_create(dest, token, cname, specs);
diff --git a/src/lxc/tools/tool_utils.c b/src/lxc/tools/tool_utils.c
index a27014ee7..e6ffb9748 100644
--- a/src/lxc/tools/tool_utils.c
+++ b/src/lxc/tools/tool_utils.c
@@ -48,6 +48,10 @@
#include "arguments.h"
#include "tool_utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
int lxc_fill_elevated_privileges(char *flaglist, int *flags)
{
char *token, *saveptr = NULL;
@@ -422,13 +426,16 @@ char **lxc_string_split(const char *string, char _sep)
char **tmp = NULL, **result = NULL;
size_t result_capacity = 0;
size_t result_count = 0;
+ size_t len;
int r, saved_errno;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string) + 1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
if (r < 0)
@@ -506,7 +513,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
return NULL;
if (use_as_prefix)
- strcpy(result, sep);
+ (void)strlcpy(result, sep, result_len + 1);
+
for (p = (char **)parts; *p; p++) {
if (p > (char **)parts)
strcat(result, sep);
@@ -868,12 +876,15 @@ char **lxc_string_split_and_trim(const char *string, char _sep)
size_t result_count = 0;
int r, saved_errno;
size_t i = 0;
+ size_t len;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string)+1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
while (token[0] == ' ' || token[0] == '\t')
token++;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 7aafddaff..1319025a1 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -51,6 +51,10 @@
#include "parse.h"
#include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
#ifndef O_PATH
#define O_PATH 010000000
#endif
@@ -641,7 +645,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
return NULL;
if (use_as_prefix)
- strcpy(result, sep);
+ (void)strlcpy(result, sep, result_len + 1);
+
for (p = (char **)parts; *p; p++) {
if (p > (char **)parts)
strcat(result, sep);
@@ -758,12 +763,15 @@ bool lxc_string_in_list(const char *needle, const char *haystack, char _sep)
{
char *token, *str, *saveptr = NULL;
char sep[2] = { _sep, '\0' };
+ size_t len;
if (!haystack || !needle)
return 0;
- str = alloca(strlen(haystack)+1);
- strcpy(str, haystack);
+ len = strlen(haystack);
+ str = alloca(len + 1);
+ (void)strlcpy(str, haystack, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
if (strcmp(needle, token) == 0)
return 1;
@@ -780,12 +788,15 @@ char **lxc_string_split(const char *string, char _sep)
size_t result_capacity = 0;
size_t result_count = 0;
int r, saved_errno;
+ size_t len;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string) + 1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
if (r < 0)
@@ -889,12 +900,15 @@ char **lxc_string_split_and_trim(const char *string, char _sep)
size_t result_count = 0;
int r, saved_errno;
size_t i = 0;
+ size_t len;
if (!string)
return calloc(1, sizeof(char *));
- str = alloca(strlen(string)+1);
- strcpy(str, string);
+ len = strlen(string);
+ str = alloca(len + 1);
+ (void)strlcpy(str, string, len + 1);
+
for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
while (token[0] == ' ' || token[0] == '\t')
token++;
More information about the lxc-devel
mailing list