Use strlcpy() and fix uninitialized variables - safe - password protected secret keeper
---
(DIR) commit fc777644442cd8bf8742e916aef145e281ae1b01
(DIR) parent d2808e58d2794e82db767b7d4f4265464c9ed182
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Fri, 23 Aug 2019 14:10:57 +0200
Use strlcpy() and fix uninitialized variables
Patch from Tudor Roman, thanks!
Diffstat:
M safe-agent.c | 7 ++++---
A strlcpy.h | 45 +++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+), 3 deletions(-)
---
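--- a/safe-agent.c
+++ b/safe-agent.c
@@ -18,6 +18,7 @@
 #include <sodium.h>
 #include "arg.h"
+#include "strlcpy.h"
 #define SOCKDIR "/tmp/safe-XXXXXX"
 #define SOCKET "agent"
@@ -108,7 +109,7 @@ creatsock(char *sockpath)
 umask(0177);
 memset(&addr, 0, sizeof(addr));
 addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, sockpath);
+ strlcpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
 if (bind(sfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
 return -1;
@@ -216,7 +217,7 @@ int
 main(int argc, char *argv[])
 {
 pid_t pid;
- int timeout, fd, dflag;
+ int fd, timeout = 0, dflag = 0;
 size_t dirlen;
 char path[PATH_MAX] = SOCKDIR;
 struct rlimit rlim;
@@ -241,7 +242,7 @@ main(int argc, char *argv[])
 } ARGEND
 if (sockp) {
- strncpy(path, sockp, sizeof(path));
+ strlcpy(path, sockp, sizeof(path));
 } else {
 if (!mkdtemp(path))
 err(1, "mkdtemp: %s", path);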
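Review bot: Both new strlcpy() calls discard the return value, so an over-long socket path is now truncated silently rather than rejected. In creatsock() this means bind() can succeed on a shortened `sun_path` that differs from the path the caller asked for, leaving the agent that holds the secrets listening somewhere the user did not choose; treat truncation as an error with `if (strlcpy(addr.sun_path, sockpath, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) return -1;`. The `sockp` branch in main() has the same gap and could use `if (strlcpy(path, sockp, sizeof(path)) >= sizeof(path)) errx(1, "%s: socket path too long", sockp);`. Both function bodies continue outside the hunks, so how creatsock()'s caller reports the failure is not visible here.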
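--- /dev/null
+++ b/strlcpy.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <sys/types.h>
+#include <string.h>
+/* Implementation of strlcpy() for platforms that don't already have it. */
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t
+strlcpy(char *dst, const char *src, size_t siz)
+{
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+ /* Copy as many bytes as will fit */
+ if (n != 0) {
+ while (--n != 0) {
+ if ((*d++ = *s++) == '\0')
+ break;
+ }
+ }
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+ return(s - src - 1); /* count does not include NUL */
+}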
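Review bot: strlcpy.h puts an external (non-static) function definition in a header with no include guard and no platform test, although its own comment says it is meant for platforms that lack strlcpy(). It builds while safe-agent.c is the only file that includes it, but a second translation unit including it would fail at link time with a duplicate symbol, and on a libc whose `<string.h>` already provides strlcpy() this definition may clash with or shadow the system one. Consider moving the body to a strlcpy.c with only a guarded prototype left in the header, or at minimum declaring it `static size_t strlcpy(...)` behind a build-time feature check. Separately, `return(s - src - 1);` relies on an implicit ptrdiff_t to size_t conversion; writing `return (size_t)(s - src - 1);` would make that intent explicit.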