From 695631b2984111a825346396dc56635a2fe3a7c4 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Thu, 26 Dec 2002 17:04:54 +0000 Subject: [PATCH] - replaced a lot of strcpy() calls with strlcpy() which is more secure. --- src/ngircd/client.c | 6 +++--- src/ngircd/conf.c | 4 ++-- src/ngircd/conn.c | 14 +++++++------- src/ngircd/irc-channel.c | 4 ++-- src/ngircd/irc-mode.c | 4 ++-- src/ngircd/irc-server.c | 4 ++-- src/ngircd/irc.c | 4 ++-- src/ngircd/ngircd.c | 3 ++- src/ngircd/parse.c | 4 ++-- src/ngircd/resolve.c | 8 ++++---- 10 files changed, 28 insertions(+), 27 deletions(-) diff --git a/src/ngircd/client.c b/src/ngircd/client.c index 70f6be6c..f4adf0ee 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -17,7 +17,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: client.c,v 1.70 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -86,7 +86,7 @@ Client_Init( VOID ) gethostname( This_Server->host, CLIENT_HOST_LEN ); h = gethostbyname( This_Server->host ); - if( h ) strcpy( This_Server->host, h->h_name ); + if( h ) strlcpy( This_Server->host, h->h_name, sizeof( This_Server->host )); Client_SetID( This_Server, Conf_ServerName ); Client_SetInfo( This_Server, Conf_ServerInfo ); @@ -175,7 +175,7 @@ Client_New( CONN_ID Idx, CLIENT *Introducer, CLIENT *TopServer, INT Type, CHAR * if( Type == CLIENT_SERVER ) Generate_MyToken( client ); /* ist der User away? */ - if( strchr( client->modes, 'a' )) strcpy( client->away, DEFAULT_AWAY_MSG ); + if( strchr( client->modes, 'a' )) strlcpy( client->away, DEFAULT_AWAY_MSG, sizeof( client->away )); /* Verketten */ client->next = (POINTER *)My_Clients; diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index c2478b8e..50c9ee1b 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: conf.c,v 1.51 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -235,7 +235,7 @@ Read_Config( VOID ) /* Is this the beginning of a new section? */ if(( str[0] == '[' ) && ( str[strlen( str ) - 1] == ']' )) { - strcpy( section, str ); + strlcpy( section, str, sizeof( section )); if( strcasecmp( section, "[GLOBAL]" ) == 0 ) continue; if( strcasecmp( section, "[OPERATOR]" ) == 0 ) { diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index 43625fe0..95e6d545 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: conn.c,v 1.109 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -1251,7 +1251,7 @@ New_Connection( INT Sock ) Log( LOG_INFO, "Accepted connection %d from %s:%d on socket %d.", idx, inet_ntoa( new_addr.sin_addr ), ntohs( new_addr.sin_port), Sock ); /* Hostnamen ermitteln */ - strcpy( My_Connections[idx].host, inet_ntoa( new_addr.sin_addr )); + strlcpy( My_Connections[idx].host, inet_ntoa( new_addr.sin_addr ), sizeof( My_Connections[idx].host )); Client_SetHostname( c, My_Connections[idx].host ); s = Resolve_Addr( &new_addr ); if( s ) @@ -1588,8 +1588,8 @@ Check_Servers( VOID ) /* Hostnamen in IP aufloesen (Default bzw. im Fehlerfall: versuchen, den * konfigurierten Text direkt als IP-Adresse zu verwenden ... */ - strcpy( Conf_Server[My_Connections[idx].our_server].ip, Conf_Server[i].host ); - strcpy( My_Connections[idx].host, Conf_Server[i].host ); + strlcpy( Conf_Server[My_Connections[idx].our_server].ip, Conf_Server[i].host, sizeof( Conf_Server[My_Connections[idx].our_server].ip )); + strlcpy( My_Connections[idx].host, Conf_Server[i].host, sizeof( My_Connections[idx].host )); s = Resolve_Name( Conf_Server[i].host ); if( s ) { @@ -1677,7 +1677,7 @@ New_Server( INT Server, CONN_ID Idx ) /* Verbindung registrieren */ My_Connections[Idx].sock = new_sock; My_Connections[Idx].addr = new_addr; - strcpy( My_Connections[Idx].host, Conf_Server[Server].host ); + strlcpy( My_Connections[Idx].host, Conf_Server[Server].host, sizeof( My_Connections[Idx].host )); /* Neuen Socket registrieren */ FD_SET( new_sock, &My_Sockets ); @@ -1799,14 +1799,14 @@ Read_Resolver_Result( INT r_fd ) /* Eingehende Verbindung: Hostnamen setzen */ c = Client_GetFromConn( i ); assert( c != NULL ); - strcpy( My_Connections[i].host, result ); + strlcpy( My_Connections[i].host, result, sizeof( My_Connections[i].host )); Client_SetHostname( c, result ); } else { /* Ausgehende Verbindung (=Server): IP setzen */ assert( My_Connections[i].our_server > NONE ); - strcpy( Conf_Server[My_Connections[i].our_server].ip, result ); + strlcpy( Conf_Server[My_Connections[i].our_server].ip, result, sizeof( Conf_Server[My_Connections[i].our_server].ip )); } /* Penalty-Zeit zurueck setzen */ diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c index 926d345e..7c83ba0f 100644 --- a/src/ngircd/irc-channel.c +++ b/src/ngircd/irc-channel.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-channel.c,v 1.21 2002/12/16 23:06:46 alex Exp $"; +static char UNUSED id[] = "$Id: irc-channel.c,v 1.22 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -179,7 +179,7 @@ IRC_JOIN( CLIENT *Client, REQUEST *Req ) if(( strchr( Channel_Modes( chan ), 'P' )) && ( strchr( Client_Modes( target ), 'o' ))) Channel_UserModeAdd( chan, target, 'o' ); /* Muessen Modes an andere Server gemeldet werden? */ - strcpy( &modes[1], Channel_UserModes( chan, target )); + strlcpy( &modes[1], Channel_UserModes( chan, target ), sizeof( modes ) - 1 ); if( modes[1] ) modes[0] = 0x7; else modes[0] = '\0'; diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c index c5eeadfb..4827c03f 100644 --- a/src/ngircd/irc-mode.c +++ b/src/ngircd/irc-mode.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: irc-mode.c,v 1.26 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -392,7 +392,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) { Channel_ModeDel( Channel, 'k' ); Channel_SetKey( Channel, Req->argv[arg_arg] ); - strcpy( argadd, Channel_Key( Channel )); + strlcpy( argadd, Channel_Key( Channel ), sizeof( argadd )); x[0] = *mode_ptr; } else ok = IRC_WriteStrClient( Origin, ERR_CHANOPRIVSNEEDED_MSG, Client_ID( Origin ), Channel_Name( Channel )); diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c index 6a6f4712..93ae5ee1 100644 --- a/src/ngircd/irc-server.c +++ b/src/ngircd/irc-server.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: irc-server.c,v 1.27 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -314,7 +314,7 @@ IRC_NJOIN( CLIENT *Client, REQUEST *Req ) IRC_WriteStrChannelPrefix( Client, chan, c, FALSE, "JOIN :%s", channame ); /* Channel-User-Modes setzen */ - strcpy( modes, Channel_UserModes( chan, c )); + strlcpy( modes, Channel_UserModes( chan, c ), sizeof( modes )); if( modes[0] ) { /* Modes im Channel bekannt machen */ diff --git a/src/ngircd/irc.c b/src/ngircd/irc.c index 5480efbd..415c55fb 100644 --- a/src/ngircd/irc.c +++ b/src/ngircd/irc.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc.c,v 1.107 2002/12/12 12:24:18 alex Exp $"; +static char UNUSED id[] = "$Id: irc.c,v 1.108 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -74,7 +74,7 @@ IRC_KILL( CLIENT *Client, REQUEST *Req ) /* build reason string */ if( Client_Type( Client ) == CLIENT_USER ) sprintf( reason, "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] ); - else strcpy( reason, Req->argv[1] ); + else strlcpy( reason, Req->argv[1], sizeof( reason )); /* andere Server benachrichtigen */ IRC_WriteStrServersPrefix( Client, prefix, "KILL %s :%s", Req->argv[0], reason ); diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c index cef1cff5..473ecfc6 100644 --- a/src/ngircd/ngircd.c +++ b/src/ngircd/ngircd.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: ngircd.c,v 1.69 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -399,6 +399,7 @@ NGIRCd_Rehash( VOID ) Conn_ExitListeners( ); /* Alten Server-Namen merken */ + assert( sizeof( old_name ) == sizeof( Conf_ServerName )); strcpy( old_name, Conf_ServerName ); /* Konfiguration neu lesen ... */ diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c index 3be66a9e..372aeb0a 100644 --- a/src/ngircd/parse.c +++ b/src/ngircd/parse.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: parse.c,v 1.54 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -360,7 +360,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req ) } /* Statuscode weiterleiten */ - strcpy( str, Req->command ); + strlcpy( str, Req->command, sizeof( str )); for( i = 0; i < Req->argc; i++ ) { if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str )); diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c index 367692d6..c833609a 100644 --- a/src/ngircd/resolve.c +++ b/src/ngircd/resolve.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: resolve.c,v 1.4 2002/12/12 12:24:18 alex Exp $"; +static char UNUSED id[] = "$Id: resolve.c,v 1.5 2002/12/26 17:04:54 alex Exp $"; #include "imp.h" #include @@ -174,7 +174,7 @@ Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd ) /* Namen aufloesen */ h = gethostbyaddr( (CHAR *)&Addr->sin_addr, sizeof( Addr->sin_addr ), AF_INET ); - if( h ) strcpy( hostname, h->h_name ); + if( h ) strlcpy( hostname, h->h_name, sizeof( hostname )); else { #ifdef h_errno @@ -182,7 +182,7 @@ Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd ) #else Log_Resolver( LOG_WARNING, "Can't resolve address \"%s\"!", inet_ntoa( Addr->sin_addr )); #endif - strcpy( hostname, inet_ntoa( Addr->sin_addr )); + strlcpy( hostname, inet_ntoa( Addr->sin_addr ), sizeof( hostname )); } /* Antwort an Parent schreiben */ @@ -213,7 +213,7 @@ Do_ResolveName( CHAR *Host, INT w_fd ) if( h ) { addr = (struct in_addr *)h->h_addr; - strcpy( ip, inet_ntoa( *addr )); + strlcpy( ip, inet_ntoa( *addr ), sizeof( ip )); } else { -- 2.39.2