From bdda4e2bd84f2162ba8f0d73eca293dafb3bb956 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Mon, 14 May 2007 10:33:51 +0000
Subject: [PATCH] - Use strlcpy() and strlcat() instead of strcpy() and strcat().
---
 cgi.c | 27 ++++++++++++++++++---------
 cgiedit.c | 31 +++++++++++++++++++++----------
 2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/cgi.c b/cgi.c
index c8b6b002..dd94e14b 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.96 2007/03/08 17:41:05 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.97 2007/04/09 18:11:35 fabiankeil Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -38,6 +38,9 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.96 2007/03/08 17:41:05 fabiankeil Exp $";
 *
 * Revisions :
 * $Log: cgi.c,v $
+ * Revision 1.97 2007/04/09 18:11:35 fabiankeil
+ * Don't mistake VC++'s _snprintf() for a snprintf() replacement.
+ *
 * Revision 1.96 2007/03/08 17:41:05 fabiankeil
 * Use sizeof() more often.
 *
@@ -1635,6 +1638,7 @@ jb_err cgi_error_no_template(struct client_state *csp,
 ").

\r\n" "\r\n" "\r\n";
+ const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1;
 assert(csp);
 assert(rsp);
@@ -1648,14 +1652,14 @@ jb_err cgi_error_no_template(struct client_state *csp,
 rsp->head_length = 0;
 rsp->is_static = 0;
- rsp->body = malloc(strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1);
+ rsp->body = malloc(body_size);
 if (rsp->body == NULL)
 {
 return JB_ERR_MEMORY;
 }
- strcpy(rsp->body, body_prefix);
- strcat(rsp->body, template_name);
- strcat(rsp->body, body_suffix);
+ strlcpy(rsp->body, body_prefix, body_size);
+ strlcat(rsp->body, template_name, body_size);
+ strlcat(rsp->body, body_suffix, body_size);
 rsp->status = strdup(status);
 if (rsp->status == NULL)
@@ -1715,6 +1719,11 @@ jb_err cgi_error_unknown(struct client_state *csp,
 "\r\n" "\r\n";
 char errnumbuf[30];
+ /*
+ * Due to sizeof(errnumbuf), body_size will be slightly
+ * bigger than necessary but it doesn't really matter.
+ */
+ const size_t body_size = strlen(body_prefix) + sizeof(errnumbuf) + strlen(body_suffix) + 1;
 assert(csp);
 assert(rsp);
@@ -1729,14 +1738,14 @@ jb_err cgi_error_unknown(struct client_state *csp,
 snprintf(errnumbuf, sizeof(errnumbuf), "%d", error_to_report);
- rsp->body = malloc(strlen(body_prefix) + strlen(errnumbuf) + strlen(body_suffix) + 1);
+ rsp->body = malloc(body_size);
 if (rsp->body == NULL)
 {
 return JB_ERR_MEMORY;
 }
- strcpy(rsp->body, body_prefix);
- strcat(rsp->body, errnumbuf);
- strcat(rsp->body, body_suffix);
+ strlcpy(rsp->body, body_prefix, body_size);
+ strlcat(rsp->body, errnumbuf, body_size);
+ strlcat(rsp->body, body_suffix, body_size);
 rsp->status = strdup(status);
 if (rsp->status == NULL)
diff --git a/cgiedit.c b/cgiedit.c
index ea572566..aa11a876 100644
--- a/cgiedit.c
+++ b/cgiedit.c
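Review bot: The new initializer `const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1;` in cgi_error_no_template evaluates strlen(template_name) before any of the asserts that follow it, so a NULL template_name is dereferenced rather than caught by an assertion. Only assert(csp) and assert(rsp) are visible here; the rest of the function is outside the hunk. The same pattern is unambiguous in map_radio in cgiedit.c, where `const size_t len = strlen(optionname);` now precedes `assert(optionname);`. I would keep these as plain declarations (`size_t body_size;`, `size_t len;`, `size_t buf_size;`) and assign them after the asserts, e.g. `len = strlen(optionname); buf_size = len + 3;`.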
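Review bot: The return values of strlcpy() and strlcat() are discarded here, and again in cgi_error_unknown, get_file_name_param, map_radio and cgi_edit_actions_submit, so a wrong size calculation now shows up as a silently truncated string instead of an overflow. That is the safer failure, but for the response bodies it would mean sending a cut-off page without anyone noticing. Since body_size is derived from the same three strings, truncation should be impossible; a check such as `if (strlcat(rsp->body, body_suffix, body_size) >= body_size)` with a log or error path would make that invariant explicit. Nothing in this patch shows whether a strlcpy()/strlcat() fallback exists for platforms whose libc lacks them, which is worth confirming before merging.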
@@ -1,4 +1,4 @@
-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.52 2007/04/12 10:41:23 fabiankeil Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.53 2007/04/15 16:39:20 fabiankeil Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
@@ -42,6 +42,11 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.52 2007/04/12 10:41:23 fabiankeil
 *
 * Revisions :
 * $Log: cgiedit.c,v $
+ * Revision 1.53 2007/04/15 16:39:20 fabiankeil
+ * Introduce tags as alternative way to specify which
+ * actions apply to a request. At the moment tags can be
+ * created based on client and server headers.
+ *
 * Revision 1.52 2007/04/12 10:41:23 fabiankeil
 * - Don't mistake VC++'s _snprintf() for a snprintf() replacement.
 * - Move some cgi_edit_actions_for_url() variables into structs.
@@ -2082,6 +2087,7 @@ static jb_err get_file_name_param(struct client_state *csp,
 char *fullpath;
 char ch;
 size_t len;
+ size_t name_size;
 assert(csp);
 assert(parameters);
@@ -2123,13 +2129,14 @@ static jb_err get_file_name_param(struct client_state *csp,
 }
 /* Append extension */
- name = malloc(len + strlen(suffix) + 1);
+ name_size = len + strlen(suffix) + 1;
+ name = malloc(name_size);
 if (name == NULL)
 {
 return JB_ERR_MEMORY;
 }
- strcpy(name, param);
- strcpy(name + len, suffix);
+ strlcpy(name, param, name_size);
+ strlcat(name, suffix, name_size);
 /* Prepend path */
 fullpath = make_path(csp->config->confdir, name);
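Review bot: Replacing `strcpy(name + len, suffix);` with `strlcat(name, suffix, name_size);` in get_file_name_param is only equivalent if len equals strlen(param), and the assignment of len is outside this hunk. The buffer is still sized from len, so if len were ever shorter than param the strlcpy() would truncate param and the strlcat() could drop part or all of the suffix without any error, and the resulting name is what gets passed to make_path(). Because this value selects a file under confdir, I would state the invariant next to the allocation, e.g. `assert(len == strlen(param));`, or fail the request when `strlcat(name, suffix, name_size) >= name_size`. The function starts and ends outside the hunk.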
@@ -2306,23 +2313,25 @@ static jb_err map_radio(struct map * exports,
 const char * values,
 int value)
 {
- size_t len;
 char * buf;
 char * p;
 char c;
+ const size_t len = strlen(optionname);
+ const size_t buf_size = len + 3;
 assert(exports);
 assert(optionname);
 assert(values);
- len = strlen(optionname);
- buf = malloc(len + 3);
+ buf = malloc(buf_size);
 if (buf == NULL)
 {
 return JB_ERR_MEMORY;
 }
- strcpy(buf, optionname);
+ strlcpy(buf, optionname, buf_size);
+
+ /* XXX: this looks ... interesting */
 p = buf + len;
 *p++ = '-';
 p[1] = '\0';
@@ -3345,6 +3354,7 @@ jb_err cgi_edit_actions_submit(struct client_state *csp,
 unsigned sectionid;
 char * actiontext;
 char * newtext;
+ size_t newtext_size;
 size_t len;
 struct editable_file * file;
 struct file_line * cur_line;
@@ -3543,14 +3553,15 @@ jb_err cgi_edit_actions_submit(struct client_state *csp,
 len = 1;
 }
- if (NULL == (newtext = malloc(len + 2)))
+ newtext_size = len + 2;
+ if (NULL == (newtext = malloc(newtext_size)))
 {
 /* Out of memory */
 free(actiontext);
 edit_free_file(file);
 return JB_ERR_MEMORY;
 }
- strcpy(newtext, actiontext);
+ strlcpy(newtext, actiontext, newtext_size);
 free(actiontext);
 newtext[0] = '{';
 newtext[len] = '}';
--
2.39.2
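Review bot: The added comment `/* XXX: this looks ... interesting */` in map_radio flags the pointer arithmetic below it without saying what is odd about it, which leaves the next reader to rediscover it. From the visible lines, buf is allocated as len + 3 bytes, '-' is written at buf[len], and `p[1] = '\0';` terminates the string one byte past a slot that has not been written yet at that point. I would replace the comment with something like `/* buf holds optionname, '-', one value character and NUL (len + 3); p now points at the value character slot */`, assuming that slot is filled in further down, which is outside the hunk.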