authorho <>2003-03-16 12:18:21 +0000
committerho <>2003-03-16 12:18:21 +0000
commita4c0f9de9c618e0271a7e122136bdfe50301a6d7 (patch)
tree92679b9e140a2b594f7238dbaf4556cb2da66d73
parent68d910a736124944b061ef4eb6d3e07b4682389a (diff)
Less strcpy/strcat/sprintf. tdeval@ ok.
-rw-r--r--src/lib/libcrypto/bio/b_dump.c32
-rw-r--r--src/lib/libcrypto/conf/conf_def.c4
-rw-r--r--src/lib/libcrypto/conf/conf_mod.c6
-rw-r--r--src/lib/libcrypto/dso/dso_lib.c4
-rw-r--r--src/lib/libcrypto/mem_dbg.c7
-rw-r--r--src/lib/libcrypto/rand/rand_egd.c2
-rw-r--r--src/lib/libcrypto/ui/ui_lib.c13
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c11
-rw-r--r--src/lib/libssl/src/crypto/bio/b_dump.c32
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_def.c4
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_mod.c6
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_lib.c4
-rw-r--r--src/lib/libssl/src/crypto/mem_dbg.c7
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_egd.c2
-rw-r--r--src/lib/libssl/src/crypto/ui/ui_lib.c13
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_info.c11
16 files changed, 86 insertions, 72 deletions
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index 8397cfab6a..983604fb49 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
104 for(i=0;i<rows;i++) 104 for(i=0;i<rows;i++)
105 { 105 {
106 buf[0]='\0'; /* start with empty string */ 106 buf[0]='\0'; /* start with empty string */
107 strcpy(buf,str); 107 strlcpy(buf,str,sizeof buf);
108 sprintf(tmp,"%04x - ",i*dump_width); 108 snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
109 strcat(buf,tmp); 109 strlcat(buf,tmp,sizeof buf);
110 for(j=0;j<dump_width;j++) 110 for(j=0;j<dump_width;j++)
111 { 111 {
112 if (((i*dump_width)+j)>=len) 112 if (((i*dump_width)+j)>=len)
113 { 113 {
114 strcat(buf," "); 114 strlcat(buf," ",sizeof buf);
115 } 115 }
116 else 116 else
117 { 117 {
118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
119 sprintf(tmp,"%02x%c",ch,j==7?'-':' '); 119 snprintf(tmp,sizeof tmp,"%02x%c",ch,
120 strcat(buf,tmp); 120 j==7?'-':' ');
121 strlcat(buf,tmp,sizeof buf);
121 } 122 }
122 } 123 }
123 strcat(buf," "); 124 strlcat(buf," ",sizeof buf);
124 for(j=0;j<dump_width;j++) 125 for(j=0;j<dump_width;j++)
125 { 126 {
126 if (((i*dump_width)+j)>=len) 127 if (((i*dump_width)+j)>=len)
127 break; 128 break;
128 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
129#ifndef CHARSET_EBCDIC 130#ifndef CHARSET_EBCDIC
130 sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); 131 snprintf(tmp,sizeof tmp,"%c",
132 ((ch>=' ')&&(ch<='~'))?ch:'.');
131#else 133#else
132 sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) 134 snprintf(tmp,sizeof tmp,"%c",
133 ? os_toebcdic[ch] 135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
134 : '.'); 136 ? os_toebcdic[ch]
137 : '.');
135#endif 138#endif
136 strcat(buf,tmp); 139 strlcat(buf,tmp,sizeof buf);
137 } 140 }
138 strcat(buf,"\n"); 141 strlcat(buf,"\n",sizeof buf);
139 /* if this is the last call then update the ddt_dump thing so that 142 /* if this is the last call then update the ddt_dump thing so that
140 * we will move the selection point in the debug window 143 * we will move the selection point in the debug window
141 */ 144 */
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
144#ifdef TRUNCATE 147#ifdef TRUNCATE
145 if (trunc > 0) 148 if (trunc > 0)
146 { 149 {
147 sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); 150 snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
151 len+trunc);
148 ret+=BIO_write(bio,(char *)buf,strlen(buf)); 152 ret+=BIO_write(bio,(char *)buf,strlen(buf));
149 } 153 }
150#endif 154#endif
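Review bot: Every `strlcat(buf,...,sizeof buf)` in the row loop of `BIO_dump_indent` discards its return value, so a row that does not fit is now cut silently and can lose its trailing `"\n"` rather than overflowing. Whether that can happen depends on the sizes of `buf`, `str` and `dump_width`, which are set outside the hunk; `sizeof buf` is also only a valid bound if `buf` is an array in this function and not a pointer. A comment at the top of the loop stating the worst-case row length against the size of `buf` would document why truncation cannot occur. The libssl/src/crypto copy of this file carries the same change.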
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index 5e194de60e..37925b603d 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -234,7 +234,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
234 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); 234 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
235 goto err; 235 goto err;
236 } 236 }
237 strcpy(section,"default"); 237 strlcpy(section,"default",10);
238 238
239 if (_CONF_new_data(conf) == 0) 239 if (_CONF_new_data(conf) == 0)
240 { 240 {
@@ -390,7 +390,7 @@ again:
390 ERR_R_MALLOC_FAILURE); 390 ERR_R_MALLOC_FAILURE);
391 goto err; 391 goto err;
392 } 392 }
393 strcpy(v->name,pname); 393 strlcpy(v->name,pname,strlen(pname)+1);
394 if (!str_copy(conf,psection,&(v->value),start)) goto err; 394 if (!str_copy(conf,psection,&(v->value),start)) goto err;
395 395
396 if (strcmp(psection,section) != 0) 396 if (strcmp(psection,section) != 0)
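Review bot: In the `again:` hunk, `strlcpy(v->name,pname,strlen(pname)+1)` takes its bound from the source string, not from the destination allocation, so it can never truncate and is no safer than the `strcpy` it replaces. The allocation of `v->name` is outside the hunk; if it is `strlen(pname)+1` bytes as the call implies, keep that size in a local and use it for both, e.g. `size_t nsz = strlen(pname)+1;` then `strlcpy(v->name,pname,nsz);`. The same source-derived bound appears in dso_lib.c (`DSO_set_filename` and `DSO_convert_filename`, bound `strlen(filename) + 1`) and in the libssl/src/crypto copies of both files. In the first hunk the literal `10` in `strlcpy(section,"default",10)` has to match an allocation that is not visible here; a shared constant would keep the two in step.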
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index edcc08921c..8270ae5eb5 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
561 561
562 if (!file) 562 if (!file)
563 return NULL; 563 return NULL;
564 strcpy(file,X509_get_default_cert_area()); 564 strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS 565#ifndef OPENSSL_SYS_VMS
566 strcat(file,"/"); 566 strlcat(file,"/",len + 1);
567#endif 567#endif
568 strcat(file,OPENSSL_CONF); 568 strlcat(file,OPENSSL_CONF,len + 1);
569 569
570 return file; 570 return file;
571 } 571 }
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 556069b9b8..85ac5103cd 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); 383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
384 return(0); 384 return(0);
385 } 385 }
386 strcpy(copied, filename); 386 strlcpy(copied, filename, strlen(filename) + 1);
387 if(dso->filename) 387 if(dso->filename)
388 OPENSSL_free(dso->filename); 388 OPENSSL_free(dso->filename);
389 dso->filename = copied; 389 dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
422 ERR_R_MALLOC_FAILURE); 422 ERR_R_MALLOC_FAILURE);
423 return(NULL); 423 return(NULL);
424 } 424 }
425 strcpy(result, filename); 425 strlcpy(result, filename, strlen(filename) + 1);
426 } 426 }
427 return(result); 427 return(result);
428 } 428 }
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 1c4e04f51f..0beb3b36d1 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -629,7 +629,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
629 629
630 ami_cnt++; 630 ami_cnt++;
631 memset(buf,'>',ami_cnt); 631 memset(buf,'>',ami_cnt);
632 sprintf(buf + ami_cnt, 632 snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
633 " thread=%lu, file=%s, line=%d, info=\"", 633 " thread=%lu, file=%s, line=%d, info=\"",
634 amip->thread, amip->file, amip->line); 634 amip->thread, amip->file, amip->line);
635 buf_len=strlen(buf); 635 buf_len=strlen(buf);
@@ -641,10 +641,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
641 } 641 }
642 else 642 else
643 { 643 {
644 strcpy(buf + buf_len, amip->info); 644 strlcpy(buf + buf_len, amip->info,
645 sizeof buf - buf_len);
645 buf_len = strlen(buf); 646 buf_len = strlen(buf);
646 } 647 }
647 sprintf(buf + buf_len, "\"\n"); 648 snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
648 649
649 BIO_puts(l->bio,buf); 650 BIO_puts(l->bio,buf);
650 651
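Review bot: In the first hunk of `print_leak`, the context line `memset(buf,'>',ami_cnt)` is still unbounded, and the new size argument `sizeof buf - ami_cnt` would become zero or wrap to a very large value if `ami_cnt` ever reached or exceeded `sizeof buf`. In that case the `snprintf` either writes no terminator before the following `strlen(buf)` or is effectively unbounded. The declaration of `buf` and whatever limits `ami_cnt` are outside the hunk, so this may be unreachable in practice, but clamping `ami_cnt` below `sizeof buf` before the `memset` would make the bound hold by construction. The libssl/src/crypto copy has the same sequence.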
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index abc3ac27d5..96019c07a6 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -145,7 +145,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
145 addr.sun_family = AF_UNIX; 145 addr.sun_family = AF_UNIX;
146 if (strlen(path) > sizeof(addr.sun_path)) 146 if (strlen(path) > sizeof(addr.sun_path))
147 return (-1); 147 return (-1);
148 strcpy(addr.sun_path,path); 148 strlcpy(addr.sun_path,path,sizeof addr.sun_path);
149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path); 149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
150 fd = socket(AF_UNIX, SOCK_STREAM, 0); 150 fd = socket(AF_UNIX, SOCK_STREAM, 0);
151 if (fd == -1) return (-1); 151 if (fd == -1) return (-1);
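Review bot: The length guard on the context line above the change, `if (strlen(path) > sizeof(addr.sun_path))`, still accepts a path of exactly `sizeof(addr.sun_path)` bytes, which `strlcpy` now shortens by one character to make room for the terminator. The next line computes `len` from the untruncated `strlen(path)`, so the length and the stored path disagree for that input. Changing the guard to `if (strlen(path) >= sizeof(addr.sun_path))` rejects the case outright. The body of `RAND_query_egd_bytes` continues outside the hunk, and the libssl/src/crypto copy has the same guard.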
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index 16946cad95..cce9075ac1 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -428,14 +428,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
428 len += sizeof(prompt3) - 1; 428 len += sizeof(prompt3) - 1;
429 429
430 prompt = (char *)OPENSSL_malloc(len + 1); 430 prompt = (char *)OPENSSL_malloc(len + 1);
431 strcpy(prompt, prompt1); 431 strlcpy(prompt, prompt1, len + 1);
432 strcat(prompt, object_desc); 432 strlcat(prompt, object_desc, len + 1);
433 if (object_name) 433 if (object_name)
434 { 434 {
435 strcat(prompt, prompt2); 435 strlcat(prompt, prompt2, len + 1);
436 strcat(prompt, object_name); 436 strlcat(prompt, object_name, len + 1);
437 } 437 }
438 strcat(prompt, prompt3); 438 strlcat(prompt, prompt3, len + 1);
439 } 439 }
440 return prompt; 440 return prompt;
441 } 441 }
@@ -863,7 +863,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
863 return -1; 863 return -1;
864 } 864 }
865 865
866 strcpy(uis->result_buf, result); 866 strlcpy(uis->result_buf, result,
867 uis->_.string_data.result_maxsize + 1);
867 break; 868 break;
868 case UIT_BOOLEAN: 869 case UIT_BOOLEAN:
869 { 870 {
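Review bot: In the `UI_construct_prompt` hunk, the result of `OPENSSL_malloc(len + 1)` is passed to `strlcpy` on the next line without a NULL check, so an allocation failure becomes a NULL dereference; the commit bounds the copies but leaves this in place. Adding `if (prompt == NULL) return NULL;` directly after the allocation handles it. In the `UI_set_result` hunk the bound `uis->_.string_data.result_maxsize + 1` assumes `result_buf` holds at least that many bytes; that contract is not visible here and deserves a comment on the call. Both functions start outside their hunks, and the libssl/src/crypto copy is identical.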
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index e1cf01a9b4..92b9316b02 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
105 STACK_OF(CONF_VALUE) *ret) 105 STACK_OF(CONF_VALUE) *ret)
106{ 106{
107 ACCESS_DESCRIPTION *desc; 107 ACCESS_DESCRIPTION *desc;
108 int i; 108 int i,nlen;
109 char objtmp[80], *ntmp; 109 char objtmp[80], *ntmp;
110 CONF_VALUE *vtmp; 110 CONF_VALUE *vtmp;
111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { 111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
114 if(!ret) break; 114 if(!ret) break;
115 vtmp = sk_CONF_VALUE_value(ret, i); 115 vtmp = sk_CONF_VALUE_value(ret, i);
116 i2t_ASN1_OBJECT(objtmp, 80, desc->method); 116 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
117 ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); 117 nlen = strlen(objtmp) + strlen(vtmp->name) + 4;
118 ntmp = OPENSSL_malloc(nlen);
118 if(!ntmp) { 119 if(!ntmp) {
119 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 120 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
120 ERR_R_MALLOC_FAILURE); 121 ERR_R_MALLOC_FAILURE);
121 return NULL; 122 return NULL;
122 } 123 }
123 strcpy(ntmp, objtmp); 124 strlcpy(ntmp, objtmp, nlen);
124 strcat(ntmp, " - "); 125 strlcat(ntmp, " - ", nlen);
125 strcat(ntmp, vtmp->name); 126 strlcat(ntmp, vtmp->name, nlen);
126 OPENSSL_free(vtmp->name); 127 OPENSSL_free(vtmp->name);
127 vtmp->name = ntmp; 128 vtmp->name = ntmp;
128 129
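Review bot: `nlen` is declared in `int i,nlen;` but holds a sum of `strlen()` results and is then passed as the size argument to `strlcpy` and `strlcat`; declaring it separately as `size_t nlen;` avoids the signed/unsigned conversions. The constant also drops from 5 to 4, which is exactly the three bytes of `" - "` plus the terminator, so a short comment such as `/* " - " plus NUL */` on that line would keep a later edit from miscounting. The function body continues outside the hunks, and the libssl/src/crypto copy carries the same change.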
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c
index 8397cfab6a..983604fb49 100644
--- a/src/lib/libssl/src/crypto/bio/b_dump.c
+++ b/src/lib/libssl/src/crypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
104 for(i=0;i<rows;i++) 104 for(i=0;i<rows;i++)
105 { 105 {
106 buf[0]='\0'; /* start with empty string */ 106 buf[0]='\0'; /* start with empty string */
107 strcpy(buf,str); 107 strlcpy(buf,str,sizeof buf);
108 sprintf(tmp,"%04x - ",i*dump_width); 108 snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
109 strcat(buf,tmp); 109 strlcat(buf,tmp,sizeof buf);
110 for(j=0;j<dump_width;j++) 110 for(j=0;j<dump_width;j++)
111 { 111 {
112 if (((i*dump_width)+j)>=len) 112 if (((i*dump_width)+j)>=len)
113 { 113 {
114 strcat(buf," "); 114 strlcat(buf," ",sizeof buf);
115 } 115 }
116 else 116 else
117 { 117 {
118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 118 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
119 sprintf(tmp,"%02x%c",ch,j==7?'-':' '); 119 snprintf(tmp,sizeof tmp,"%02x%c",ch,
120 strcat(buf,tmp); 120 j==7?'-':' ');
121 strlcat(buf,tmp,sizeof buf);
121 } 122 }
122 } 123 }
123 strcat(buf," "); 124 strlcat(buf," ",sizeof buf);
124 for(j=0;j<dump_width;j++) 125 for(j=0;j<dump_width;j++)
125 { 126 {
126 if (((i*dump_width)+j)>=len) 127 if (((i*dump_width)+j)>=len)
127 break; 128 break;
128 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; 129 ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
129#ifndef CHARSET_EBCDIC 130#ifndef CHARSET_EBCDIC
130 sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); 131 snprintf(tmp,sizeof tmp,"%c",
132 ((ch>=' ')&&(ch<='~'))?ch:'.');
131#else 133#else
132 sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) 134 snprintf(tmp,sizeof tmp,"%c",
133 ? os_toebcdic[ch] 135 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
134 : '.'); 136 ? os_toebcdic[ch]
137 : '.');
135#endif 138#endif
136 strcat(buf,tmp); 139 strlcat(buf,tmp,sizeof buf);
137 } 140 }
138 strcat(buf,"\n"); 141 strlcat(buf,"\n",sizeof buf);
139 /* if this is the last call then update the ddt_dump thing so that 142 /* if this is the last call then update the ddt_dump thing so that
140 * we will move the selection point in the debug window 143 * we will move the selection point in the debug window
141 */ 144 */
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
144#ifdef TRUNCATE 147#ifdef TRUNCATE
145 if (trunc > 0) 148 if (trunc > 0)
146 { 149 {
147 sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); 150 snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
151 len+trunc);
148 ret+=BIO_write(bio,(char *)buf,strlen(buf)); 152 ret+=BIO_write(bio,(char *)buf,strlen(buf));
149 } 153 }
150#endif 154#endif
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index 5e194de60e..37925b603d 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -234,7 +234,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
234 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); 234 CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
235 goto err; 235 goto err;
236 } 236 }
237 strcpy(section,"default"); 237 strlcpy(section,"default",10);
238 238
239 if (_CONF_new_data(conf) == 0) 239 if (_CONF_new_data(conf) == 0)
240 { 240 {
@@ -390,7 +390,7 @@ again:
390 ERR_R_MALLOC_FAILURE); 390 ERR_R_MALLOC_FAILURE);
391 goto err; 391 goto err;
392 } 392 }
393 strcpy(v->name,pname); 393 strlcpy(v->name,pname,strlen(pname)+1);
394 if (!str_copy(conf,psection,&(v->value),start)) goto err; 394 if (!str_copy(conf,psection,&(v->value),start)) goto err;
395 395
396 if (strcmp(psection,section) != 0) 396 if (strcmp(psection,section) != 0)
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index edcc08921c..8270ae5eb5 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
561 561
562 if (!file) 562 if (!file)
563 return NULL; 563 return NULL;
564 strcpy(file,X509_get_default_cert_area()); 564 strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS 565#ifndef OPENSSL_SYS_VMS
566 strcat(file,"/"); 566 strlcat(file,"/",len + 1);
567#endif 567#endif
568 strcat(file,OPENSSL_CONF); 568 strlcat(file,OPENSSL_CONF,len + 1);
569 569
570 return file; 570 return file;
571 } 571 }
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c
index 556069b9b8..85ac5103cd 100644
--- a/src/lib/libssl/src/crypto/dso/dso_lib.c
+++ b/src/lib/libssl/src/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); 383 DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
384 return(0); 384 return(0);
385 } 385 }
386 strcpy(copied, filename); 386 strlcpy(copied, filename, strlen(filename) + 1);
387 if(dso->filename) 387 if(dso->filename)
388 OPENSSL_free(dso->filename); 388 OPENSSL_free(dso->filename);
389 dso->filename = copied; 389 dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
422 ERR_R_MALLOC_FAILURE); 422 ERR_R_MALLOC_FAILURE);
423 return(NULL); 423 return(NULL);
424 } 424 }
425 strcpy(result, filename); 425 strlcpy(result, filename, strlen(filename) + 1);
426 } 426 }
427 return(result); 427 return(result);
428 } 428 }
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c
index 1c4e04f51f..0beb3b36d1 100644
--- a/src/lib/libssl/src/crypto/mem_dbg.c
+++ b/src/lib/libssl/src/crypto/mem_dbg.c
@@ -629,7 +629,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
629 629
630 ami_cnt++; 630 ami_cnt++;
631 memset(buf,'>',ami_cnt); 631 memset(buf,'>',ami_cnt);
632 sprintf(buf + ami_cnt, 632 snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
633 " thread=%lu, file=%s, line=%d, info=\"", 633 " thread=%lu, file=%s, line=%d, info=\"",
634 amip->thread, amip->file, amip->line); 634 amip->thread, amip->file, amip->line);
635 buf_len=strlen(buf); 635 buf_len=strlen(buf);
@@ -641,10 +641,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
641 } 641 }
642 else 642 else
643 { 643 {
644 strcpy(buf + buf_len, amip->info); 644 strlcpy(buf + buf_len, amip->info,
645 sizeof buf - buf_len);
645 buf_len = strlen(buf); 646 buf_len = strlen(buf);
646 } 647 }
647 sprintf(buf + buf_len, "\"\n"); 648 snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
648 649
649 BIO_puts(l->bio,buf); 650 BIO_puts(l->bio,buf);
650 651
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c
index abc3ac27d5..96019c07a6 100644
--- a/src/lib/libssl/src/crypto/rand/rand_egd.c
+++ b/src/lib/libssl/src/crypto/rand/rand_egd.c
@@ -145,7 +145,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
145 addr.sun_family = AF_UNIX; 145 addr.sun_family = AF_UNIX;
146 if (strlen(path) > sizeof(addr.sun_path)) 146 if (strlen(path) > sizeof(addr.sun_path))
147 return (-1); 147 return (-1);
148 strcpy(addr.sun_path,path); 148 strlcpy(addr.sun_path,path,sizeof addr.sun_path);
149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path); 149 len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
150 fd = socket(AF_UNIX, SOCK_STREAM, 0); 150 fd = socket(AF_UNIX, SOCK_STREAM, 0);
151 if (fd == -1) return (-1); 151 if (fd == -1) return (-1);
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c
index 16946cad95..cce9075ac1 100644
--- a/src/lib/libssl/src/crypto/ui/ui_lib.c
+++ b/src/lib/libssl/src/crypto/ui/ui_lib.c
@@ -428,14 +428,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
428 len += sizeof(prompt3) - 1; 428 len += sizeof(prompt3) - 1;
429 429
430 prompt = (char *)OPENSSL_malloc(len + 1); 430 prompt = (char *)OPENSSL_malloc(len + 1);
431 strcpy(prompt, prompt1); 431 strlcpy(prompt, prompt1, len + 1);
432 strcat(prompt, object_desc); 432 strlcat(prompt, object_desc, len + 1);
433 if (object_name) 433 if (object_name)
434 { 434 {
435 strcat(prompt, prompt2); 435 strlcat(prompt, prompt2, len + 1);
436 strcat(prompt, object_name); 436 strlcat(prompt, object_name, len + 1);
437 } 437 }
438 strcat(prompt, prompt3); 438 strlcat(prompt, prompt3, len + 1);
439 } 439 }
440 return prompt; 440 return prompt;
441 } 441 }
@@ -863,7 +863,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
863 return -1; 863 return -1;
864 } 864 }
865 865
866 strcpy(uis->result_buf, result); 866 strlcpy(uis->result_buf, result,
867 uis->_.string_data.result_maxsize + 1);
867 break; 868 break;
868 case UIT_BOOLEAN: 869 case UIT_BOOLEAN:
869 { 870 {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c
index e1cf01a9b4..92b9316b02 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_info.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
105 STACK_OF(CONF_VALUE) *ret) 105 STACK_OF(CONF_VALUE) *ret)
106{ 106{
107 ACCESS_DESCRIPTION *desc; 107 ACCESS_DESCRIPTION *desc;
108 int i; 108 int i,nlen;
109 char objtmp[80], *ntmp; 109 char objtmp[80], *ntmp;
110 CONF_VALUE *vtmp; 110 CONF_VALUE *vtmp;
111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { 111 for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
114 if(!ret) break; 114 if(!ret) break;
115 vtmp = sk_CONF_VALUE_value(ret, i); 115 vtmp = sk_CONF_VALUE_value(ret, i);
116 i2t_ASN1_OBJECT(objtmp, 80, desc->method); 116 i2t_ASN1_OBJECT(objtmp, 80, desc->method);
117 ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); 117 nlen = strlen(objtmp) + strlen(vtmp->name) + 4;
118 ntmp = OPENSSL_malloc(nlen);
118 if(!ntmp) { 119 if(!ntmp) {
119 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 120 X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
120 ERR_R_MALLOC_FAILURE); 121 ERR_R_MALLOC_FAILURE);
121 return NULL; 122 return NULL;
122 } 123 }
123 strcpy(ntmp, objtmp); 124 strlcpy(ntmp, objtmp, nlen);
124 strcat(ntmp, " - "); 125 strlcat(ntmp, " - ", nlen);
125 strcat(ntmp, vtmp->name); 126 strlcat(ntmp, vtmp->name, nlen);
126 OPENSSL_free(vtmp->name); 127 OPENSSL_free(vtmp->name);
127 vtmp->name = ntmp; 128 vtmp->name = ntmp;
128 129