[lxc-devel] [lxc/master] secure coding: #2 strcpy => strlcpy

2xsec on Github lxc-bot at linuxcontainers.org
Mon Jun 18 08:41:48 UTC 2018


From 43f984ea59ad25c1b5bb692ce9997160e75f37c5 Mon Sep 17 00:00:00 2001
From: Donghwa Jeong <dh48.jeong at samsung.com>
Date: Mon, 18 Jun 2018 17:18:14 +0900
Subject: [PATCH] secure coding: #2 strcpy => strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong at samsung.com>
---
 src/lxc/cmd/lxc_user_nic.c | 10 ++++++++--
 src/lxc/confile.c          |  6 +++++-
 src/lxc/initutils.c        | 13 ++++++++++---
 src/lxc/pam/pam_cgfs.c     |  7 ++++++-
 src/lxc/storage/nbd.c      | 12 ++++++++++--
 src/lxc/storage/rbd.c      | 11 +++++++++--
 src/lxc/storage/storage.c  | 11 +++++++++--
 src/lxc/tools/tool_utils.c | 21 ++++++++++++++++-----
 src/lxc/utils.c            | 28 +++++++++++++++++++++-------
 9 files changed, 94 insertions(+), 25 deletions(-)

diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index 8ec6045b9..ec9cd97e0 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -51,6 +51,10 @@
 #include "parse.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 #define usernic_debug_stream(stream, format, ...)                              \
 	do {                                                                   \
 		fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__,     \
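Review bot: The `#ifndef HAVE_STRLCPY` / `#include "include/strlcpy.h"` guard added at the top of this hunk is repeated verbatim in the include hunks of confile.c, initutils.c, pam_cgfs.c, nbd.c, rbd.c, storage.c, tool_utils.c and utils.c. Nine copies of the same three lines are easy to let drift, and every future caller of strlcpy has to remember the same guard. Hoisting it into one header these files already include (several of them include `utils.h`) would keep the fallback in a single place; whether that header is the right home depends on what `include/strlcpy.h` declares, which is not on the page.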
@@ -829,9 +833,11 @@ static bool create_db_dir(char *fnam)
 {
 	int ret;
 	char *p;
+	size_t len;
 
-	p = alloca(strlen(fnam) + 1);
-	strcpy(p, fnam);
+	len = strlen(fnam);
+	p = alloca(len + 1);
+	(void)strlcpy(p, fnam, len + 1);
 	fnam = p;
 	p = p + 1;
 
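Review bot: In create_db_dir the bound handed to strlcpy is `len + 1`, the same value just used to size the alloca from strlen(fnam), so the new call cannot truncate and adds no protection over the old strcpy beyond a second scan of the source; the same exact-size pattern appears in attach_nbd, storage_create, lxc_string_in_list, lxc_string_split and lxc_string_split_and_trim. Where the length is already known, `memcpy(p, fnam, len + 1);` states exactly that and avoids the re-scan. If strlcpy is kept for uniformity, a one-line comment such as `/* exact-size copy, cannot truncate */` would tell the reader why the return value is discarded. The alloca is still sized by the full length of fnam, which the commit leaves as it was; create_db_dir continues outside the hunk.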
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 5227c70c5..d019c8984 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -65,6 +65,10 @@
 #include <sys/personality.h>
 #endif
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(lxc_confile, lxc);
 
 #define lxc_config_define(name)                                                \
@@ -2195,7 +2199,7 @@ static int set_config_uts_name(const char *key, const char *value,
 		return -1;
 	}
 
-	strcpy(utsname->nodename, value);
+	(void)strlcpy(utsname->nodename, value, sizeof(utsname->nodename));
 	free(lxc_conf->utsname);
 	lxc_conf->utsname = utsname;
 
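Review bot: The result of strlcpy into `utsname->nodename` is cast to void, so a `value` longer than the nodename field would be silently truncated and stored rather than rejected. If the `return -1` at the top of the hunk belongs to a length check that already rules this out (the check itself is outside the hunk), the cast is fine but deserves a comment saying so; otherwise test the return, `if (strlcpy(utsname->nodename, value, sizeof(utsname->nodename)) >= sizeof(utsname->nodename))` and fail with -1 after releasing utsname the way the earlier error path does. set_config_uts_name starts and ends outside the hunk.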
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
index 56926fb5f..b95bffdfe 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -26,6 +26,10 @@
 #include "initutils.h"
 #include "log.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(lxc_initutils, lxc);
 
 static char *copy_global_config_value(char *p)
@@ -35,14 +39,17 @@ static char *copy_global_config_value(char *p)
 
 	if (len < 1)
 		return NULL;
+
 	if (p[len-1] == '\n') {
 		p[len-1] = '\0';
 		len--;
 	}
-	retbuf = malloc(len+1);
+
+	retbuf = malloc(len + 1);
 	if (!retbuf)
 		return NULL;
-	strcpy(retbuf, p);
+
+	(void)strlcpy(retbuf, p, len + 1);
 	return retbuf;
 }
 
@@ -355,7 +362,7 @@ int setproctitle(char *title)
 
 	ret = prctl(PR_SET_MM, PR_SET_MM_MAP, (long) &prctl_map, sizeof(prctl_map), 0);
 	if (ret == 0)
-		strcpy((char*)arg_start, title);
+		(void)strlcpy((char*)arg_start, title, len);
 	else
 		INFO("setting cmdline failed - %s", strerror(errno));
 
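Review bot: The bound `len` passed to strlcpy in the `ret == 0` branch is declared and computed outside this hunk, so whether the copy is actually bounded by the capacity of the buffer at `arg_start` cannot be verified here; if `len` is strlen(title) rather than the buffer size including the terminator, the copy drops the final character. Worth confirming against the definition, and a comment at the call site, `/* len is the size of the buffer at arg_start, including the NUL */`, would make the invariant visible. setproctitle starts and ends outside the hunk.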
diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 8e7404400..359da9223 100644
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -59,6 +59,10 @@
 
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 #define pam_cgfs_debug_stream(stream, format, ...)                                \
 	do {                                                                   \
 		fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__,     \
@@ -1626,7 +1630,8 @@ static char *string_join(const char *sep, const char **parts, bool use_as_prefix
 		return NULL;
 
 	if (use_as_prefix)
-		strcpy(result, sep);
+		(void)strlcpy(result, sep, (result_len + 1) * sizeof(char));
+
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
 			strcat(result, sep);
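Review bot: The `* sizeof(char)` in the new strlcpy bound is a no-op (sizeof(char) is 1 by definition) and differs from the otherwise identical hunks in tool_utils.c and utils.c, which pass `result_len + 1`; writing `(void)strlcpy(result, sep, result_len + 1);` keeps the three copies of this function in step. The strcat calls that follow remain unbounded, as before the commit; they are outside its stated scope, but a sentence in the commit message noting that `result_len` was sized to hold every part and separator would reassure the reader. string_join starts and ends outside the hunk.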
diff --git a/src/lxc/storage/nbd.c b/src/lxc/storage/nbd.c
index 5262e4e1f..9f92ecc9b 100644
--- a/src/lxc/storage/nbd.c
+++ b/src/lxc/storage/nbd.c
@@ -37,6 +37,10 @@
 #include "storage_utils.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(nbd, lxc);
 
 struct nbd_attach_data {
@@ -53,10 +57,14 @@ static bool wait_for_partition(const char *path);
 
 bool attach_nbd(char *src, struct lxc_conf *conf)
 {
-	char *orig = alloca(strlen(src)+1), *p, path[50];
+	char *orig, *p, path[50];
 	int i = 0;
+	size_t len;
+
+	len = strlen(src);
+	orig = alloca(len + 1);
+	(void)strlcpy(orig, src, len + 1);
 
-	strcpy(orig, src);
 	/* if path is followed by a partition, drop that for now */
 	p = strchr(orig, ':');
 	if (p)
diff --git a/src/lxc/storage/rbd.c b/src/lxc/storage/rbd.c
index 570de53da..10ad892a0 100644
--- a/src/lxc/storage/rbd.c
+++ b/src/lxc/storage/rbd.c
@@ -34,6 +34,10 @@
 #include "storage_utils.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 lxc_log_define(rbd, lxc);
 
 struct rbd_args {
@@ -193,6 +197,7 @@ int rbd_destroy(struct lxc_storage *orig)
 	char *rbdfullname;
 	char cmd_output[MAXPATHLEN];
 	struct rbd_args args = {0};
+	size_t len;
 
 	src = lxc_storage_get_path(orig->src, orig->type);
 	if (file_exists(src)) {
@@ -206,9 +211,11 @@ int rbd_destroy(struct lxc_storage *orig)
 		}
 	}
 
-	rbdfullname = alloca(strlen(src) - 8);
-	strcpy(rbdfullname, &src[9]);
+	len = strlen(src);
+	rbdfullname = alloca(len - 8);
+	(void)strlcpy(rbdfullname, &src[9], len - 8);
 	args.rbd_name = rbdfullname;
+
 	ret = run_command(cmd_output, sizeof(cmd_output),
 			rbd_delete_wrapper, (void *)&args);
 	if (ret < 0) {
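Review bot: `len - 8` is computed as size_t from strlen(src), so a `src` shorter than 9 bytes wraps to a huge alloca and `&src[9]` reads past the terminator; this was already true of the old `strlen(src) - 8`, but now that the length sits in a named variable a guard is cheap, e.g. `if (len < 9) return -1;` before the alloca, matching the function's error return, unless a check that src carries the expected 9-byte prefix already exists above the hunk. The `- 8` / `[9]` pair also deserves a comment naming the prefix it skips, since the two constants only make sense together. rbd_destroy starts and ends outside the hunk.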
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index cac085846..95e664800 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -60,6 +60,10 @@
 #include "utils.h"
 #include "zfs.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 #ifndef BLKGETSIZE64
 #define BLKGETSIZE64 _IOR(0x12, 114, size_t)
 #endif
@@ -564,9 +568,12 @@ struct lxc_storage *storage_create(const char *dest, const char *type,
 	if (strchr(type, ',')) {
 		char *dup, *token;
 		char *saveptr = NULL;
+		size_t len;
+
+		len = strlen(type);
+		dup = alloca(len + 1);
+		(void)strlcpy(dup, type, len + 1);
 
-		dup = alloca(strlen(type) + 1);
-		strcpy(dup, type);
 		for (token = strtok_r(dup, ",", &saveptr); token;
 		     token = strtok_r(NULL, ",", &saveptr)) {
 			bdev = do_storage_create(dest, token, cname, specs);
diff --git a/src/lxc/tools/tool_utils.c b/src/lxc/tools/tool_utils.c
index a27014ee7..e6ffb9748 100644
--- a/src/lxc/tools/tool_utils.c
+++ b/src/lxc/tools/tool_utils.c
@@ -48,6 +48,10 @@
 #include "arguments.h"
 #include "tool_utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 int lxc_fill_elevated_privileges(char *flaglist, int *flags)
 {
 	char *token, *saveptr = NULL;
@@ -422,13 +426,16 @@ char **lxc_string_split(const char *string, char _sep)
 	char **tmp = NULL, **result = NULL;
 	size_t result_capacity = 0;
 	size_t result_count = 0;
+	size_t len;
 	int r, saved_errno;
 
 	if (!string)
 		return calloc(1, sizeof(char *));
 
-	str = alloca(strlen(string) + 1);
-	strcpy(str, string);
+	len = strlen(string);
+	str = alloca(len + 1);
+	(void)strlcpy(str, string, len + 1);
+
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
 		if (r < 0)
@@ -506,7 +513,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
 		return NULL;
 
 	if (use_as_prefix)
-		strcpy(result, sep);
+		(void)strlcpy(result, sep, result_len + 1);
+
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
 			strcat(result, sep);
@@ -868,12 +876,15 @@ char **lxc_string_split_and_trim(const char *string, char _sep)
 	size_t result_count = 0;
 	int r, saved_errno;
 	size_t i = 0;
+	size_t len;
 
 	if (!string)
 		return calloc(1, sizeof(char *));
 
-	str = alloca(strlen(string)+1);
-	strcpy(str, string);
+	len = strlen(string);
+	str = alloca(len + 1);
+	(void)strlcpy(str, string, len + 1);
+
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		while (token[0] == ' ' || token[0] == '\t')
 			token++;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 7aafddaff..1319025a1 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -51,6 +51,10 @@
 #include "parse.h"
 #include "utils.h"
 
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
+
 #ifndef O_PATH
 #define O_PATH      010000000
 #endif
@@ -641,7 +645,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
 		return NULL;
 
 	if (use_as_prefix)
-		strcpy(result, sep);
+		(void)strlcpy(result, sep, result_len + 1);
+
 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
 			strcat(result, sep);
@@ -758,12 +763,15 @@ bool lxc_string_in_list(const char *needle, const char *haystack, char _sep)
 {
 	char *token, *str, *saveptr = NULL;
 	char sep[2] = { _sep, '\0' };
+	size_t len;
 
 	if (!haystack || !needle)
 		return 0;
 
-	str = alloca(strlen(haystack)+1);
-	strcpy(str, haystack);
+	len = strlen(haystack);
+	str = alloca(len + 1);
+	(void)strlcpy(str, haystack, len + 1);
+
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		if (strcmp(needle, token) == 0)
 			return 1;
@@ -780,12 +788,15 @@ char **lxc_string_split(const char *string, char _sep)
 	size_t result_capacity = 0;
 	size_t result_count = 0;
 	int r, saved_errno;
+	size_t len;
 
 	if (!string)
 		return calloc(1, sizeof(char *));
 
-	str = alloca(strlen(string) + 1);
-	strcpy(str, string);
+	len = strlen(string);
+	str = alloca(len + 1);
+	(void)strlcpy(str, string, len + 1);
+
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 16);
 		if (r < 0)
@@ -889,12 +900,15 @@ char **lxc_string_split_and_trim(const char *string, char _sep)
 	size_t result_count = 0;
 	int r, saved_errno;
 	size_t i = 0;
+	size_t len;
 
 	if (!string)
 		return calloc(1, sizeof(char *));
 
-	str = alloca(strlen(string)+1);
-	strcpy(str, string);
+	len = strlen(string);
+	str = alloca(len + 1);
+	(void)strlcpy(str, string, len + 1);
+
 	for (; (token = strtok_r(str, sep, &saveptr)); str = NULL) {
 		while (token[0] == ' ' || token[0] == '\t')
 			token++;

