diff --git a/NEWS b/NEWS
index 75b9fcb6..f35d1448 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-$Id: NEWS,v 1.96 2006/03/17 16:36:33 rocky Exp $
+$Id: NEWS,v 1.97 2006/03/18 00:53:20 rocky Exp $
 version 0.77cvs =====================================
@@ -54,6 +54,8 @@ version 0.77cvs
 - Revise and improve example programs
+- Security: replace all uses of strcat and strcpy with strncat and strncpy
+
 version 0.76 ===================================== 2005-09-23
@@ -341,4 +343,4 @@ version 0.1
 Routines split off from VCDImager.
-$Id: NEWS,v 1.96 2006/03/17 16:36:33 rocky Exp $
+$Id: NEWS,v 1.97 2006/03/18 00:53:20 rocky Exp $
diff --git a/include/cdio/util.h b/include/cdio/util.h
index 17839f44..d1d3e8ac 100644
--- a/include/cdio/util.h
+++ b/include/cdio/util.h
@@ -1,5 +1,5 @@
 /*
- $Id: util.h,v 1.9 2006/02/16 20:09:27 rocky Exp $
+ $Id: util.h,v 1.10 2006/03/18 00:53:20 rocky Exp $
 Copyright (C) 2000 Herbert Valerio Riedel Copyright (C) 2004, 2005, 2006 Rocky Bernstein
@@ -91,9 +91,6 @@ _cdio_strdup_upper (const char str[]);
 void _cdio_strfreev(char **strv);
-char *
-_cdio_strjoin (char *strv[], unsigned count, const char delim[]);
-
 size_t _cdio_strlenv(char **str_array);
diff --git a/lib/cdda_interface/utils.c b/lib/cdda_interface/utils.c
index ead205d5..853193fd 100644
--- a/lib/cdda_interface/utils.c
+++ b/lib/cdda_interface/utils.c
@@ -1,5 +1,5 @@
 /*
- $Id: utils.c,v 1.2 2005/01/14 01:36:12 rocky Exp $
+ $Id: utils.c,v 1.3 2006/03/18 00:53:20 rocky Exp $
 Copyright (C) 2004 Rocky Bernstein Copyright (C) 1998 Monty xiphmont@mit.edu
@@ -112,9 +112,10 @@ idmessage(int messagedest,char **messages,const char *f,
 if(!s) buffer=(char *)f; else{
- buffer=malloc(strlen(f)+strlen(s)+10);
+ const unsigned int i_buffer=strlen(f)+strlen(s)+10;
+ buffer=malloc(i_buffer);
 sprintf(buffer,f,s);
- strcat(buffer,"\n");
+ strncat(buffer,"\n", i_buffer);
 malloced=1; }
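Review bot: The size passed in `strncat(buffer,"\n", i_buffer)` does not bound the write, because strncat's third argument limits how many bytes are taken from the source, not how much room the destination has; the call behaves exactly like the `strcat` it replaces. The write that can actually overrun the allocation is the unchanged `sprintf(buffer,f,s)` one line above, since `strlen(f)+strlen(s)+10` is only a safe size if `f` expands to little more than `s` (presumably a single `%s`; the callers are not visible here), and the `malloc` result is used unchecked. I would bound the formatting step with `snprintf(buffer, i_buffer, f, s);` and append the newline with `strncat(buffer, "\n", i_buffer - strlen(buffer) - 1);`, after a NULL check on `buffer` and with `i_buffer` held in a `size_t`. idmessage begins before this hunk and continues after it.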
@@ -138,13 +139,15 @@ idmessage(int messagedest,char **messages,const char *f,
 } char *
-catstring(char *buff,const char *s){
- if(s){
- if(buff)
- buff=realloc(buff,strlen(buff)+strlen(s)+9);
- else
- buff=calloc(strlen(s)+9,1);
- strcat(buff,s);
+catstring(char *buff, const char *s) {
+ if (s) {
+ const unsigned int add_len = strlen(s) + 9;
+ if(buff) {
+ buff = realloc(buff, strlen(buff) + add_len);
+ } else {
+ buff=calloc(add_len, 1);
+ }
+ strncat(buff, s, add_len);
 } return(buff); }
diff --git a/lib/driver/gnu_linux.c b/lib/driver/gnu_linux.c
index 1bb5e8a5..c84f2c47 100644
--- a/lib/driver/gnu_linux.c
+++ b/lib/driver/gnu_linux.c
@@ -1,5 +1,5 @@
 /*
- $Id: gnu_linux.c,v 1.19 2005/11/07 07:41:29 rocky Exp $
+ $Id: gnu_linux.c,v 1.20 2006/03/18 00:53:20 rocky Exp $
 Copyright (C) 2001 Herbert Valerio Riedel Copyright (C) 2002, 2003, 2004, 2005 Rocky Bernstein
@@ -27,7 +27,7 @@
 # include "config.h" #endif
-static const char _rcsid[] = "$Id: gnu_linux.c,v 1.19 2005/11/07 07:41:29 rocky Exp $";
+static const char _rcsid[] = "$Id: gnu_linux.c,v 1.20 2006/03/18 00:53:20 rocky Exp $";
 #include
@@ -140,20 +140,24 @@ check_mounts_linux(const char *mtab)
 char *tmp; char *mnt_type; char *mnt_dev;
+ unsigned int i_mnt_type;
+ unsigned int i_mnt_dev;
 while ( (mntent=getmntent(mntfp)) != NULL ) {
- mnt_type = malloc(strlen(mntent->mnt_type) + 1);
+ i_mnt_type = strlen(mntent->mnt_type) + 1;
+ mnt_type = calloc(1, i_mnt_type);
 if (mnt_type == NULL) continue; /* maybe you'll get lucky next time. */
- mnt_dev = malloc(strlen(mntent->mnt_fsname) + 1);
+ i_mnt_dev = strlen(mntent->mnt_fsname) + 1;
+ mnt_dev = calloc(1, i_mnt_dev);
 if (mnt_dev == NULL) { free(mnt_type); continue; }
- strcpy(mnt_type, mntent->mnt_type);
- strcpy(mnt_dev, mntent->mnt_fsname);
+ strncpy(mnt_type, mntent->mnt_type, i_mnt_type);
+ strncpy(mnt_dev, mntent->mnt_fsname, i_mnt_dev);
 /* Handle "supermount" filesystem mounts */ if ( strcmp(mnt_type, "supermount") == 0 ) {
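Review bot: `strncat(buff, s, add_len)` in catstring cannot truncate anything, because `add_len` is `strlen(s) + 9` and the third argument caps the bytes read from `s`, not the space left in `buff`; the call is equivalent to the `strcat` it replaces. The hazards that remain in the new body are that `buff = realloc(buff, ...)` discards the only pointer to the old string when realloc fails, and that both allocation results reach `strncat` unchecked, so an out-of-memory condition becomes a write through NULL. The version below checks the allocation, returns the caller's string untouched on failure, and keeps lengths in `size_t`. It preserves the original 9 bytes of slack in case callers, which are not visible in this hunk, depend on it.

```c
char *
catstring(char *buff, const char *s) {
  if (s) {
    const size_t old_len = buff ? strlen(buff) : 0;
    const size_t s_len = strlen(s);
    /* realloc(NULL, n) acts as malloc(n), so one call covers both cases */
    char *grown = realloc(buff, old_len + s_len + 9);
    if (!grown)
      return buff;  /* allocation failed: caller's string is untouched */
    memcpy(grown + old_len, s, s_len + 1);  /* copies the terminator too */
    buff = grown;
  }
  return(buff);
}
```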
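Review bot: The two `strncpy` calls in check_mounts_linux add no bound that `strcpy` lacked, because `i_mnt_type` and `i_mnt_dev` are computed from the source strings themselves; the copy is safe only because each buffer was allocated to that same length one statement earlier. Storing the `strlen` result in `unsigned int` also narrows a `size_t`. `mnt_type = strdup(mntent->mnt_type);` and `mnt_dev = strdup(mntent->mnt_fsname);`, with the existing NULL checks kept, would say the same thing without the length variables and without a size argument that looks like a guard but is not one. The function begins before this hunk and its loop body continues past it.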
diff --git a/lib/driver/util.c b/lib/driver/util.c
index fd4a3c47..8eb9487b 100644
--- a/lib/driver/util.c
+++ b/lib/driver/util.c
@@ -1,5 +1,5 @@
 /*
- $Id: util.c,v 1.2 2005/02/03 07:35:15 rocky Exp $
+ $Id: util.c,v 1.3 2006/03/18 00:53:20 rocky Exp $
 Copyright (C) 2000 Herbert Valerio Riedel Copyright (C) 2003, 2004, 2005 Rocky Bernstein
@@ -36,7 +36,7 @@
 #include #include
-static const char _rcsid[] = "$Id: util.c,v 1.2 2005/02/03 07:35:15 rocky Exp $";
+static const char _rcsid[] = "$Id: util.c,v 1.3 2006/03/18 00:53:20 rocky Exp $";
 size_t _cdio_strlenv(char **str_array)
@@ -64,36 +64,6 @@ _cdio_strfreev(char **strv)
 free(strv); }
-char *
-_cdio_strjoin (char *strv[], unsigned count, const char delim[])
-{
- size_t len;
- char *new_str;
- unsigned n;
-
- cdio_assert (strv != NULL);
- cdio_assert (delim != NULL);
-
- len = (count-1) * strlen (delim);
-
- for (n = 0;n < count;n++)
- len += strlen (strv[n]);
-
- len++;
-
- new_str = calloc (1, len);
- new_str[0] = '\0';
-
- for (n = 0;n < count;n++)
- {
- if (n)
- strcat (new_str, delim);
- strcat (new_str, strv[n]);
- }
-
- return new_str;
-}
-
 char ** _cdio_strsplit(const char str[], char delim) /* fixme -- non-reentrant */ {
diff --git a/lib/udf/udf_fs.c b/lib/udf/udf_fs.c
index 926b8a22..78b0aa5a 100644
--- a/lib/udf/udf_fs.c
+++ b/lib/udf/udf_fs.c
@@ -1,5 +1,5 @@
 /*
- $Id: udf_fs.c,v 1.14 2006/01/26 04:41:50 rocky Exp $
+ $Id: udf_fs.c,v 1.15 2006/03/18 00:53:20 rocky Exp $
 Copyright (C) 2005 Rocky Bernstein
@@ -230,7 +230,7 @@ udf_fopen(udf_dirent_t *p_udf_root, const char *psz_name)
 char tokenline[udf_MAX_PATHLEN]; char *psz_token;
- strcpy(tokenline, psz_name);
+ strncpy(tokenline, psz_name, udf_MAX_PATHLEN);
 psz_token = strtok(tokenline, udf_PATH_DELIMITERS); if (psz_token) p_udf_file = udf_ff_traverse(p_udf_root, psz_token);
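Review bot: `strncpy(tokenline, psz_name, udf_MAX_PATHLEN)` leaves `tokenline` without a terminating NUL whenever `psz_name` is `udf_MAX_PATHLEN` bytes or longer, and the `strtok` call on the next line then scans past the end of the stack buffer. Silent truncation would also look up a different path than the caller asked for, so I would reject over-long names before the copy, e.g. `if (strlen(psz_name) >= udf_MAX_PATHLEN) return NULL;`. At minimum the copy should take `udf_MAX_PATHLEN-1` bytes and be followed by `tokenline[udf_MAX_PATHLEN-1] = '\0';`. The function's return type and the rest of udf_fopen are outside this hunk, so the failure value needs to be confirmed there.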