claunia/libcdio-osx
Archived
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Security: replace all uses of strcat and strcpy with strncat and strncpy

Browse Source
This commit is contained in:
rocky
2006-03-18 00:53:20 +00:00
parent 94eda2ef9d
commit 49bc5ccb3f
6 changed files with 32 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
NEWS
View File

@@ -1,4 +1,4 @@
$Id: NEWS,v 1.96 2006/03/17 16:36:33 rocky Exp $
$Id: NEWS,v 1.97 2006/03/18 00:53:20 rocky Exp $
version 0.77cvs
=====================================
@@ -54,6 +54,8 @@ version 0.77cvs
- Revise and improve example programs
- Security: replace all uses of strcat and strcpy with strncat and strncpy
version 0.76
=====================================
2005-09-23
@@ -341,4 +343,4 @@ version 0.1
Routines split off from VCDImager.
$Id: NEWS,v 1.96 2006/03/17 16:36:33 rocky Exp $
$Id: NEWS,v 1.97 2006/03/18 00:53:20 rocky Exp $

5
include/cdio/util.h
View File

@@ -1,5 +1,5 @@
/*
$Id: util.h,v 1.9 2006/02/16 20:09:27 rocky Exp $
$Id: util.h,v 1.10 2006/03/18 00:53:20 rocky Exp $
Copyright (C) 2000 Herbert Valerio Riedel <hvr@gnu.org>
Copyright (C) 2004, 2005, 2006 Rocky Bernstein <rocky@panix.com>
@@ -91,9 +91,6 @@ _cdio_strdup_upper (const char str[]);
void
_cdio_strfreev(char **strv);
char *
_cdio_strjoin (char *strv[], unsigned count, const char delim[]);
size_t
_cdio_strlenv(char **str_array);

23
lib/cdda_interface/utils.c
View File

@@ -1,5 +1,5 @@
/*
$Id: utils.c,v 1.2 2005/01/14 01:36:12 rocky Exp $
$Id: utils.c,v 1.3 2006/03/18 00:53:20 rocky Exp $
Copyright (C) 2004 Rocky Bernstein <rocky@panix.com>
Copyright (C) 1998 Monty xiphmont@mit.edu
@@ -112,9 +112,10 @@ idmessage(int messagedest,char **messages,const char *f,
if(!s)
buffer=(char *)f;
else{
buffer=malloc(strlen(f)+strlen(s)+10);
const unsigned int i_buffer=strlen(f)+strlen(s)+10;
buffer=malloc(i_buffer);
sprintf(buffer,f,s);
strcat(buffer,"\n");
strncat(buffer,"\n", i_buffer);
malloced=1;
}
@@ -138,13 +139,15 @@ idmessage(int messagedest,char **messages,const char *f,
}
char *
catstring(char *buff,const char *s){
if(s){
if(buff)
buff=realloc(buff,strlen(buff)+strlen(s)+9);
else
buff=calloc(strlen(s)+9,1);
strcat(buff,s);
catstring(char *buff, const char *s) {
if (s) {
const unsigned int add_len = strlen(s) + 9;
if(buff) {
buff = realloc(buff, strlen(buff) + add_len);
} else {
buff=calloc(add_len, 1);
}
strncat(buff, s, add_len);
}
return(buff);
}

16
lib/driver/gnu_linux.c
View File

@@ -1,5 +1,5 @@
/*
$Id: gnu_linux.c,v 1.19 2005/11/07 07:41:29 rocky Exp $
$Id: gnu_linux.c,v 1.20 2006/03/18 00:53:20 rocky Exp $
Copyright (C) 2001 Herbert Valerio Riedel <hvr@gnu.org>
Copyright (C) 2002, 2003, 2004, 2005 Rocky Bernstein <rocky@panix.com>
@@ -27,7 +27,7 @@
# include "config.h"
#endif
static const char _rcsid[] = "$Id: gnu_linux.c,v 1.19 2005/11/07 07:41:29 rocky Exp $";
static const char _rcsid[] = "$Id: gnu_linux.c,v 1.20 2006/03/18 00:53:20 rocky Exp $";
#include <string.h>
@@ -140,20 +140,24 @@ check_mounts_linux(const char *mtab)
char *tmp;
char *mnt_type;
char *mnt_dev;
unsigned int i_mnt_type;
unsigned int i_mnt_dev;
while ( (mntent=getmntent(mntfp)) != NULL ) {
mnt_type = malloc(strlen(mntent->mnt_type) + 1);
i_mnt_type = strlen(mntent->mnt_type) + 1;
mnt_type = calloc(1, i_mnt_type);
if (mnt_type == NULL)
continue; /* maybe you'll get lucky next time. */
mnt_dev = malloc(strlen(mntent->mnt_fsname) + 1);
i_mnt_dev = strlen(mntent->mnt_fsname) + 1;
mnt_dev = calloc(1, i_mnt_dev);
if (mnt_dev == NULL) {
free(mnt_type);
continue;
}
strcpy(mnt_type, mntent->mnt_type);
strcpy(mnt_dev, mntent->mnt_fsname);
strncpy(mnt_type, mntent->mnt_type, i_mnt_type);
strncpy(mnt_dev, mntent->mnt_fsname, i_mnt_dev);
/* Handle "supermount" filesystem mounts */
if ( strcmp(mnt_type, "supermount") == 0 ) {

34
lib/driver/util.c
View File

@@ -1,5 +1,5 @@
/*
$Id: util.c,v 1.2 2005/02/03 07:35:15 rocky Exp $
$Id: util.c,v 1.3 2006/03/18 00:53:20 rocky Exp $
Copyright (C) 2000 Herbert Valerio Riedel <hvr@gnu.org>
Copyright (C) 2003, 2004, 2005 Rocky Bernstein <rocky@panix.com>
@@ -36,7 +36,7 @@
#include <cdio/types.h>
#include <cdio/util.h>
static const char _rcsid[] = "$Id: util.c,v 1.2 2005/02/03 07:35:15 rocky Exp $";
static const char _rcsid[] = "$Id: util.c,v 1.3 2006/03/18 00:53:20 rocky Exp $";
size_t
_cdio_strlenv(char **str_array)
@@ -64,36 +64,6 @@ _cdio_strfreev(char **strv)
free(strv);
}
char *
_cdio_strjoin (char *strv[], unsigned count, const char delim[])
{
size_t len;
char *new_str;
unsigned n;
cdio_assert (strv != NULL);
cdio_assert (delim != NULL);
len = (count-1) * strlen (delim);
for (n = 0;n < count;n++)
len += strlen (strv[n]);
len++;
new_str = calloc (1, len);
new_str[0] = '\0';
for (n = 0;n < count;n++)
{
if (n)
strcat (new_str, delim);
strcat (new_str, strv[n]);
}
return new_str;
}
char **
_cdio_strsplit(const char str[], char delim) /* fixme -- non-reentrant */
{

4
lib/udf/udf_fs.c
View File

@@ -1,5 +1,5 @@
/*
$Id: udf_fs.c,v 1.14 2006/01/26 04:41:50 rocky Exp $
$Id: udf_fs.c,v 1.15 2006/03/18 00:53:20 rocky Exp $
Copyright (C) 2005 Rocky Bernstein <rocky@panix.com>
@@ -230,7 +230,7 @@ udf_fopen(udf_dirent_t *p_udf_root, const char *psz_name)
char tokenline[udf_MAX_PATHLEN];
char *psz_token;
strcpy(tokenline, psz_name);
strncpy(tokenline, psz_name, udf_MAX_PATHLEN);
psz_token = strtok(tokenline, udf_PATH_DELIMITERS);
if (psz_token)
p_udf_file = udf_ff_traverse(p_udf_root, psz_token);