From d83db35df0ce217c2d7515d8d1af0642db67f9db Mon Sep 17 00:00:00 2001 From: Jordan Bancino Date: Tue, 25 Apr 2023 21:54:51 +0000 Subject: [PATCH] Use strncpy() instead of strcpy(). The OpenBSD linker is complaining about it. Even though every single case strcpy() was used is safe, strncpy() provides a little bit of extra security, and makes the linker happy. --- src/Http.c | 11 +++++++---- src/HttpServer.c | 2 +- src/Json.c | 6 +++--- src/Routes/RouteCapabilities.c | 4 +++- src/Str.c | 2 +- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/src/Http.c b/src/Http.c index 63084d2..100fde7 100644 --- a/src/Http.c +++ b/src/Http.c @@ -567,6 +567,7 @@ HttpParseHeaders(Stream * fp) char *headerPtr; ssize_t i; + size_t len; if (strcmp(line, "\r\n") == 0 || strcmp(line, "\n") == 0) { @@ -584,13 +585,14 @@ HttpParseHeaders(Stream * fp) line[i] = tolower((unsigned char) line[i]); } - headerKey = Malloc((i + 1) * sizeof(char)); + len = i + 1; + headerKey = Malloc(len * sizeof(char)); if (!headerKey) { goto error; } - strcpy(headerKey, line); + strncpy(headerKey, line, len); headerPtr = line + i + 1; @@ -608,14 +610,15 @@ HttpParseHeaders(Stream * fp) line[i] = '\0'; } - headerValue = Malloc(strlen(headerPtr) + 1); + len = strlen(headerPtr) + 1; + headerValue = Malloc(len * sizeof(char)); if (!headerValue) { Free(headerKey); goto error; } - strcpy(headerValue, headerPtr); + strncpy(headerValue, headerPtr, len); HashMapSet(headers, headerKey, headerValue); Free(headerKey); diff --git a/src/HttpServer.c b/src/HttpServer.c index 2b3ca96..0680524 100644 --- a/src/HttpServer.c +++ b/src/HttpServer.c @@ -535,7 +535,7 @@ HttpServerWorkerThread(void *args) requestPathLen = i; requestPath = Malloc(((requestPathLen + 1) * sizeof(char))); - strcpy(requestPath, pathPtr); + strncpy(requestPath, pathPtr, requestPathLen + 1); requestProtocol = &pathPtr[i + 1]; line[lineLen - 2] = '\0'; /* Get rid of \r and \n */ diff --git a/src/Json.c b/src/Json.c index c4e7639..c9a0f37 100644 --- a/src/Json.c +++ b/src/Json.c @@ -523,7 +523,7 @@ JsonDecodeString(Stream * in) /* Move the output of StrUtf8Encode() into our * local buffer */ - strcpy(a, utf8Ptr); + strncpy(a, utf8Ptr, sizeof(a)); Free(utf8Ptr); break; default: @@ -1080,7 +1080,7 @@ JsonDecodeValue(JsonParserState * state) { return NULL; } - strcpy(strValue, state->token); + strncpy(strValue, state->token, state->tokenLen + 1); value = JsonValueString(strValue); Free(strValue); break; @@ -1127,7 +1127,7 @@ JsonDecodeObject(JsonParserState * state) { goto error; } - strcpy(key, state->token); + strncpy(key, state->token, state->tokenLen + 1); JsonTokenSeek(state); if (!JsonExpect(state, TOKEN_COLON)) diff --git a/src/Routes/RouteCapabilities.c b/src/Routes/RouteCapabilities.c index 6fcd7ef..55f045e 100644 --- a/src/Routes/RouteCapabilities.c +++ b/src/Routes/RouteCapabilities.c @@ -32,10 +32,12 @@ ROUTE_IMPL(RouteCapabilities, path, argp) { - RouteArgs *args = argp; HashMap *response; HashMap *capabilities; + (void) path; + (void) argp; + response = HashMapCreate(); capabilities = HashMapCreate(); diff --git a/src/Str.c b/src/Str.c index 2c607c9..ea4e2a9 100644 --- a/src/Str.c +++ b/src/Str.c @@ -101,7 +101,7 @@ StrDuplicate(const char *inStr) return NULL; } - strcpy(outStr, inStr); + strncpy(outStr, inStr, len + 1); return outStr; }