From a4c0f9de9c618e0271a7e122136bdfe50301a6d7 Mon Sep 17 00:00:00 2001
From: ho <>
Date: Sun, 16 Mar 2003 12:18:21 +0000
Subject: Less strcpy/strcat/sprintf. tdeval@ ok.
---
src/lib/libcrypto/bio/b_dump.c | 32 ++++++++++++++++++--------------
src/lib/libcrypto/conf/conf_def.c | 4 ++--
src/lib/libcrypto/conf/conf_mod.c | 6 +++---
src/lib/libcrypto/dso/dso_lib.c | 4 ++--
src/lib/libcrypto/mem_dbg.c | 7 ++++---
src/lib/libcrypto/rand/rand_egd.c | 2 +-
src/lib/libcrypto/ui/ui_lib.c | 13 +++++++------
src/lib/libcrypto/x509v3/v3_info.c | 11 ++++++-----
8 files changed, 43 insertions(+), 36 deletions(-)
(limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index 8397cfab6a..983604fb49 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -104,38 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
for(i=0;i<rows;i++)
{
buf[0]='\0'; /* start with empty string */
- strcpy(buf,str);
- sprintf(tmp,"%04x - ",i*dump_width);
- strcat(buf,tmp);
+ strlcpy(buf,str,sizeof buf);
+ snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+ strlcat(buf,tmp,sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
{
- strcat(buf," ");
+ strlcat(buf," ",sizeof buf);
}
else
{
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
- sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
- strcat(buf,tmp);
+ snprintf(tmp,sizeof tmp,"%02x%c",ch,
+ j==7?'-':' ');
+ strlcat(buf,tmp,sizeof buf);
}
}
- strcat(buf," ");
+ strlcat(buf," ",sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
- sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+ snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=' ')&&(ch<='~'))?ch:'.');
#else
- sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
- ? os_toebcdic[ch]
- : '.');
+ snprintf(tmp,sizeof tmp,"%c",
+ ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+ ? os_toebcdic[ch]
+ : '.');
#endif
- strcat(buf,tmp);
+ strlcat(buf,tmp,sizeof buf);
}
- strcat(buf,"\n");
+ strlcat(buf,"\n",sizeof buf);
/* if this is the last call then update the ddt_dump thing so that
* we will move the selection point in the debug window
*/
@@ -144,7 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
#ifdef TRUNCATE
if (trunc > 0)
{
- sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
+ snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+ len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
#endif
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index 5e194de60e..37925b603d 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -234,7 +234,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- strcpy(section,"default");
+ strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
@@ -390,7 +390,7 @@ again:
ERR_R_MALLOC_FAILURE);
goto err;
}
- strcpy(v->name,pname);
+ strlcpy(v->name,pname,strlen(pname)+1);
if (!str_copy(conf,psection,&(v->value),start)) goto err;
if (strcmp(psection,section) != 0)
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index edcc08921c..8270ae5eb5 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
if (!file)
return NULL;
- strcpy(file,X509_get_default_cert_area());
+ strlcpy(file,X509_get_default_cert_area(),len + 1);
#ifndef OPENSSL_SYS_VMS
- strcat(file,"/");
+ strlcat(file,"/",len + 1);
#endif
- strcat(file,OPENSSL_CONF);
+ strlcat(file,OPENSSL_CONF,len + 1);
return file;
}
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 556069b9b8..85ac5103cd 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
return(0);
}
- strcpy(copied, filename);
+ strlcpy(copied, filename, strlen(filename) + 1);
if(dso->filename)
OPENSSL_free(dso->filename);
dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
ERR_R_MALLOC_FAILURE);
return(NULL);
}
- strcpy(result, filename);
+ strlcpy(result, filename, strlen(filename) + 1);
}
return(result);
}
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 1c4e04f51f..0beb3b36d1 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -629,7 +629,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
ami_cnt++;
memset(buf,'>',ami_cnt);
- sprintf(buf + ami_cnt,
+ snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"",
amip->thread, amip->file, amip->line);
buf_len=strlen(buf);
@@ -641,10 +641,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
}
else
{
- strcpy(buf + buf_len, amip->info);
+ strlcpy(buf + buf_len, amip->info,
+ sizeof buf - buf_len);
buf_len = strlen(buf);
}
- sprintf(buf + buf_len, "\"\n");
+ snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
BIO_puts(l->bio,buf);
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
index abc3ac27d5..96019c07a6 100644
--- a/src/lib/libcrypto/rand/rand_egd.c
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -145,7 +145,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
addr.sun_family = AF_UNIX;
if (strlen(path) > sizeof(addr.sun_path))
return (-1);
- strcpy(addr.sun_path,path);
+ strlcpy(addr.sun_path,path,sizeof addr.sun_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) return (-1);
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index 16946cad95..cce9075ac1 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -428,14 +428,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
len += sizeof(prompt3) - 1;
prompt = (char *)OPENSSL_malloc(len + 1);
- strcpy(prompt, prompt1);
- strcat(prompt, object_desc);
+ strlcpy(prompt, prompt1, len + 1);
+ strlcat(prompt, object_desc, len + 1);
if (object_name)
{
- strcat(prompt, prompt2);
- strcat(prompt, object_name);
+ strlcat(prompt, prompt2, len + 1);
+ strlcat(prompt, object_name, len + 1);
}
- strcat(prompt, prompt3);
+ strlcat(prompt, prompt3, len + 1);
}
return prompt;
}
@@ -863,7 +863,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
return -1;
}
- strcpy(uis->result_buf, result);
+ strlcpy(uis->result_buf, result,
+ uis->_.string_data.result_maxsize + 1);
break;
case UIT_BOOLEAN:
{
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index e1cf01a9b4..92b9316b02 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
STACK_OF(CONF_VALUE) *ret)
{
ACCESS_DESCRIPTION *desc;
- int i;
+ int i,nlen;
char objtmp[80], *ntmp;
CONF_VALUE *vtmp;
for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
@@ -114,15 +114,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
if(!ret) break;
vtmp = sk_CONF_VALUE_value(ret, i);
i2t_ASN1_OBJECT(objtmp, 80, desc->method);
- ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+ nlen = strlen(objtmp) + strlen(vtmp->name) + 4;
+ ntmp = OPENSSL_malloc(nlen);
if(!ntmp) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
return NULL;
}
- strcpy(ntmp, objtmp);
- strcat(ntmp, " - ");
- strcat(ntmp, vtmp->name);
+ strlcpy(ntmp, objtmp, nlen);
+ strlcat(ntmp, " - ", nlen);
+ strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;
--
cgit v1.2.3-55-g6feb