From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from krisdoz.my.domain (schwarze@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.5/8.14.5) with ESMTP id s3NJ9G6x006647 for ; Wed, 23 Apr 2014 15:09:16 -0400 (EDT) Received: (from schwarze@localhost) by krisdoz.my.domain (8.14.5/8.14.3/Submit) id s3NJ9G9m019132; Wed, 23 Apr 2014 15:09:16 -0400 (EDT) Date: Wed, 23 Apr 2014 15:09:16 -0400 (EDT) Message-Id: <201404231909.s3NJ9G9m019132@krisdoz.my.domain> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Audit strlcpy(3)/strlcat(3) usage: * Add missing truncation X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Audit strlcpy(3)/strlcat(3) usage: * Add missing truncation checks to three calls. * In four cases where we know that the distination buffer is large enough, cast the return vailue to (void). Modified Files: -------------- mdocml: mandocdb.c Revision Data ------------- Index: mandocdb.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandocdb.c,v retrieving revision 1.142 retrieving revision 1.143 diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.142 -r1.143 --- mandocdb.c +++ mandocdb.c @@ -663,7 +663,13 @@ treescan(void) fsec[-1] = '\0'; mlink = mandoc_calloc(1, sizeof(struct mlink)); - strlcpy(mlink->file, path, sizeof(mlink->file)); + if (strlcpy(mlink->file, path, + sizeof(mlink->file)) >= + sizeof(mlink->file)) { + say(path, "Filename too long"); + free(mlink); + continue; + } mlink->dform = dform; mlink->dsec = dsec; mlink->arch = arch; @@ -819,13 +825,20 @@ filescan(const char *file) say(file, "&stat"); return; } - strlcpy(buf, file, sizeof(buf)); + if (strlcpy(buf, file, sizeof(buf)) >= sizeof(buf)) { + say(file, "Filename too long"); + return; + } start = strstr(buf, basedir) == buf ? buf + strlen(basedir) + 1 : buf; } mlink = mandoc_calloc(1, sizeof(struct mlink)); - strlcpy(mlink->file, start, sizeof(mlink->file)); + if (strlcpy(mlink->file, start, sizeof(mlink->file)) >= + sizeof(mlink->file)) { + say(start, "Filename too long"); + return; + } /* * First try to guess our directory structure. @@ -973,17 +986,13 @@ mlinks_undupe(struct mpage *mpage) mpage->form = FORM_NONE; goto nextlink; } - if (strlcpy(buf, mlink->file, PATH_MAX) >= PATH_MAX) { - if (warnings) - say(mlink->file, "Filename too long"); - goto nextlink; - } + (void)strlcpy(buf, mlink->file, sizeof(buf)); bufp = strstr(buf, "cat"); assert(NULL != bufp); memcpy(bufp, "man", 3); if (NULL != (bufp = strrchr(buf, '.'))) *++bufp = '\0'; - strlcat(buf, mlink->dsec, PATH_MAX); + (void)strlcat(buf, mlink->dsec, sizeof(buf)); if (NULL == ohash_find(&mlinks, ohash_qlookup(&mlinks, buf))) goto nextlink; @@ -2216,24 +2225,15 @@ dbopen(int real) return(0); } - if (strlcpy(tempfilename, "/tmp/mandocdb.XXXXXX", - sizeof(tempfilename)) >= sizeof(tempfilename)) { - exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "/tmp/mandocdb.XXXXXX: Filename too long"); - return(0); - } + (void)strlcpy(tempfilename, "/tmp/mandocdb.XXXXXX", + sizeof(tempfilename)); if (NULL == mkdtemp(tempfilename)) { exitcode = (int)MANDOCLEVEL_SYSERR; say("", "&%s", tempfilename); return(0); } - if (strlcat(tempfilename, "/" MANDOC_DB, - sizeof(tempfilename)) >= sizeof(tempfilename)) { - exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "%s/" MANDOC_DB ": Filename too long", - tempfilename); - return(0); - } + (void)strlcat(tempfilename, "/" MANDOC_DB, + sizeof(tempfilename)); rc = sqlite3_open_v2(tempfilename, &db, ofl, NULL); if (SQLITE_OK != rc) { exitcode = (int)MANDOCLEVEL_SYSERR; -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv