authorRomain Forlot <romain.forlot@iot.bzh>2018-05-17 00:26:01 +0200
committerRomain Forlot <romain.forlot@iot.bzh>2018-05-17 23:08:12 +0200
commit71df9e17920283b8170bb65da98e279cb508e9b9 (patch)
tree0e3e8a8df04125cf7be72ea9c0bcc8362cf19a22
parent77c5fe6240f08a55f61afc8d0ed48129bd8394d2 (diff)
Good usage of strncat and strncpy
This change ensures that no write goes beyond the destination buffer size. Change-Id: Ic213e70fab83dfae39a8ff030c823a6ce68aab64 Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
-rw-r--r--ctl-lib/ctl-action.c28
-rw-r--r--ctl-lib/ctl-config.c14
-rw-r--r--ctl-lib/ctl-lua.c18
-rw-r--r--ctl-lib/ctl-plugin.c15
4 files changed, 39 insertions, 36 deletions
diff --git a/ctl-lib/ctl-action.c b/ctl-lib/ctl-action.c
index e1329e2..c8df2c7 100644
--- a/ctl-lib/ctl-action.c
+++ b/ctl-lib/ctl-action.c
@@ -139,30 +139,26 @@ static void ActionDynRequest(AFB_ReqT request) {
void ParseURI(const char *uri, char **first, char **second)
{
- size_t first_len = 0, second_len = 0;
- const char *tmp;
+ int i;
+ char *tmp;
if(! uri || ! first || ! second) {
return;
}
- tmp = strchr(uri, '#');
- first_len = strlen(uri);
+ tmp = strdup(uri);
+ *first = tmp;
- if (!tmp) {
- *first = calloc(1, sizeof(char) * first_len);
- strcpy(*first, uri);
+ for(i = 0; i < strlen(uri); ++i) {
+ if(tmp[i] == '#') {
+ tmp[i] = '\0';
+ *second = &tmp[++i];
+ break;
+ }
}
- else {
- second_len = strlen(tmp);
- first_len = first_len - second_len;
- *first = calloc(1, sizeof(char) * first_len);
- *second = calloc(1, sizeof(char) * second_len);
-
- strncpy(*first, uri, first_len);
- strncpy(*second, tmp+1, second_len);
- }
+ if(tmp[i] == '\0')
+ *second = "";
}
/*** This function will fill the CtlActionT pointer given in parameters for a
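Review bot: The result of the new `tmp = strdup(uri);` is used unchecked, so an allocation failure makes the loop dereference NULL at `tmp[i]`. The ownership contract also changes silently: `*second` now points either into the `*first` allocation or at the literal `""`, whereas the removed code gave it its own `calloc` buffer, so any caller that still frees `*second` (callers are outside this hunk) would hand an invalid pointer to free(). A comment on the function should state that only `*first` is to be freed. `strchr` would replace the hand-written scan, which re-evaluates `strlen(uri)` on every iteration and compares it with a signed `int`; one possible shape is below.

```c
void ParseURI(const char *uri, char **first, char **second)
{
    char *sep;

    if (!uri || !first || !second) {
        return;
    }

    *first = strdup(uri);
    if (!*first) {
        /* allocation failed: leave both outputs in a defined state */
        *second = NULL;
        return;
    }

    /* *second aliases the *first allocation (or a literal): free only *first */
    sep = strchr(*first, '#');
    if (sep) {
        *sep = '\0';
        *second = sep + 1;
    } else {
        *second = "";
    }
}
```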
diff --git a/ctl-lib/ctl-config.c b/ctl-lib/ctl-config.c
index cac8c75..ce1e6fe 100644
--- a/ctl-lib/ctl-config.c
+++ b/ctl-lib/ctl-config.c
@@ -43,11 +43,13 @@ int CtlConfigMagicNew() {
}
json_object* CtlConfigScan(const char *dirList, const char *prefix) {
- char controlFile [CONTROL_MAXPATH_LEN];
+ char controlFile[CONTROL_MAXPATH_LEN];
const char *binderName = GetBinderName();
- strncpy(controlFile, prefix, strlen(prefix)+1);
- strncat(controlFile, binderName, strlen(binderName));
+ controlFile[CONTROL_MAXPATH_LEN - 1] = '\0';
+
+ strncpy(controlFile, prefix, CONTROL_MAXPATH_LEN - 1);
+ strncat(controlFile, binderName, CONTROL_MAXPATH_LEN - strlen(controlFile) - 1);
// search for default dispatch config file
json_object* responseJ = ScanForConfig(dirList, CTL_SCAN_RECURSIVE, controlFile, ".json");
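Review bot: Overflow is now prevented, but over-long input is truncated silently, so `controlFile` can hold a shortened prefix that is then passed to `ScanForConfig` as if it were the intended one. The same pattern appears in the ConfigSearch hunk below, the LuaDoScript hunks in ctl-lua.c and the PluginLoadCOne and LoadFoundPlugins hunks in ctl-plugin.c, where the truncated string becomes a script path, a `dlsym` symbol name or a plugin path. Building the string with `int n = snprintf(controlFile, sizeof controlFile, "%s%s", prefix, binderName);` and rejecting `n < 0 || (size_t)n >= sizeof controlFile` turns truncation into an explicit error and removes the need to pre-set the last byte. The function body continues outside this hunk, so the failure return value has to be chosen from the rest of the function.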
@@ -69,9 +71,9 @@ char* ConfigSearch(AFB_ApiT apiHandle, json_object *responseJ) {
}
if (index == 0) {
- strncpy(filepath, fullpath, strlen(fullpath)+1);
- strncat(filepath, "/", strlen("/"));
- strncat(filepath, filename, strlen(filename));
+ strncpy(filepath, fullpath, CONTROL_MAXPATH_LEN - 1);
+ strncat(filepath, "/", CONTROL_MAXPATH_LEN - strlen(filepath) - 1);
+ strncat(filepath, filename, CONTROL_MAXPATH_LEN - strlen(filepath) - 1);
}
}
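Review bot: `filepath` does not get the `filepath[CONTROL_MAXPATH_LEN - 1] = '\0';` assignment that this commit adds for `controlFile`, `luaScriptPath`, `funcName` and `pluginpath`. If `fullpath` is `CONTROL_MAXPATH_LEN - 1` bytes or longer, `strncpy` writes no terminator and the following `strlen(filepath)` depends on whatever the last byte and the memory after it contain. The declaration of `filepath` is outside this hunk, so this applies unless the buffer is zero-initialised there. It is also worth confirming that the buffer really is `CONTROL_MAXPATH_LEN` bytes, or using `sizeof filepath` if it is an array.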
diff --git a/ctl-lib/ctl-lua.c b/ctl-lib/ctl-lua.c
index c2f2376..3abf330 100644
--- a/ctl-lib/ctl-lua.c
+++ b/ctl-lib/ctl-lua.c
@@ -745,6 +745,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) {
json_object *argsJ = NULL;
static json_object *luaScriptPathJ = NULL;
+ luaScriptPath[CONTROL_MAXPATH_LEN - 1] = '\0';
+
if (!queryJ) {
return -1;
}
@@ -761,9 +763,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) {
// search for filename=script in CONTROL_LUA_PATH
if (!luaScriptPathJ) {
- strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, strlen(CONTROL_DOSCRIPT_PRE) + 1);
- strncat(luaScriptPath, "-", strlen("-"));
- strncat(luaScriptPath, uid, strlen(uid));
+ strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, CONTROL_MAXPATH_LEN - 1);
+ strncat(luaScriptPath, "-", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1);
+ strncat(luaScriptPath, uid, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1);
luaScriptPathJ = ScanForConfig(luaScriptPath, CTL_SCAN_RECURSIVE, luaScriptPath, ".lua");
}
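Review bot: The `ScanForConfig` call that closes this block receives `luaScriptPath` as its first argument as well as its third, although the comment above says the search is over CONTROL_LUA_PATH and the call in CtlConfigScan passes a directory list in that position. Unless this is intentional, the first argument should be the search path rather than the prefix that was just built from `CONTROL_DOSCRIPT_PRE` and `uid`. If `uid` originates from the request (its source is outside this hunk), it should also be validated before it is used to form a file name prefix.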
@@ -778,9 +780,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) {
// Ignoring other found script. Only take the first one.
if (!index) {
- strncpy(luaScriptPath, fullpath, strlen(fullpath) + 1);
- strncat(luaScriptPath, "/", strlen("/"));
- strncat(luaScriptPath, filename, strlen(filename));
+ strncpy(luaScriptPath, fullpath, CONTROL_MAXPATH_LEN - 1);
+ strncat(luaScriptPath, "/", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1);
+ strncat(luaScriptPath, filename, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1);
}
}
@@ -792,8 +794,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) {
// if no func name given try to deduct from filename
if (!func && (func = (char*) GetMidleName(filename)) != NULL) {
- strncpy(luaScriptPath, "_", strlen("_") + 1);
- strncat(luaScriptPath, func, strlen(func));
+ strncpy(luaScriptPath, "_", CONTROL_MAXPATH_LEN - 1);
+ strncat(luaScriptPath, func, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1);
func = luaScriptPath;
}
if (!func) {
diff --git a/ctl-lib/ctl-plugin.c b/ctl-lib/ctl-plugin.c
index 0029b68..2097afa 100644
--- a/ctl-lib/ctl-plugin.c
+++ b/ctl-lib/ctl-plugin.c
@@ -113,8 +113,9 @@ static int PluginLoadCOne(AFB_ApiT apiHandle, const char *pluginpath, json_objec
if(ctlPlugin->ctlL2cFunc->l2cCount)
{index += ctlPlugin->ctlL2cFunc->l2cCount+1;}
char funcName[CONTROL_MAXPATH_LEN];
- strncpy(funcName, "lua2c_", strlen ("lua2c_")+1);
- strncat(funcName, l2cName, strlen (l2cName));
+ funcName[CONTROL_MAXPATH_LEN - 1] = '\0';
+ strncpy(funcName, "lua2c_", CONTROL_MAXPATH_LEN - 1);
+ strncat(funcName, l2cName, CONTROL_MAXPATH_LEN - strlen (funcName) - 1);
Lua2cFunctionT l2cFunction = (Lua2cFunctionT) dlsym(dlHandle, funcName);
if (!l2cFunction) {
@@ -194,6 +195,8 @@ static int LoadFoundPlugins(AFB_ApiT apiHandle, json_object *scanResult, json_ob
size_t len;
json_object *object = NULL;
+ pluginpath[CONTROL_MAXPATH_LEN - 1] = '\0';
+
if (!json_object_is_type(scanResult, json_type_array))
return -1;
@@ -212,9 +215,9 @@ static int LoadFoundPlugins(AFB_ApiT apiHandle, json_object *scanResult, json_ob
/* Make sure you don't load two found libraries */
ext = strrchr(filename, '.');
- strncpy(pluginpath, fullpath, strlen (fullpath)+1);
- strncat(pluginpath, "/", strlen ("/"));
- strncat(pluginpath, filename, strlen (filename));
+ strncpy(pluginpath, fullpath, CONTROL_MAXPATH_LEN - 1);
+ strncat(pluginpath, "/", CONTROL_MAXPATH_LEN - strlen(pluginpath) - 1);
+ strncat(pluginpath, filename, CONTROL_MAXPATH_LEN - strlen (pluginpath) - 1);
if(!strcasecmp(ext, CTL_PLUGIN_EXT)) {
if(ext && !strcasecmp(ext, CTL_PLUGIN_EXT) && i > 0) {
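Review bot: `strrchr(filename, '.')` returns NULL for a file name without a dot, and the outer `if(!strcasecmp(ext, CTL_PLUGIN_EXT))` passes that NULL straight to `strcasecmp`; only the inner condition tests `ext` first. The guard belongs on the outer test, `if(ext && !strcasecmp(ext, CTL_PLUGIN_EXT)) {`, after which the `ext && !strcasecmp(...)` part of the inner condition is redundant. The enclosing loop starts and ends outside this hunk.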
@@ -259,7 +262,7 @@ static char *GetDefaultSearchPath(AFB_ApiT apiHandle)
strncat(searchPath, CONTROL_PLUGIN_PATH, CTL_PLGN_len);
}
- strncat(searchPath, ":", 1);
+ strncat(searchPath, ":", sizeof(searchPath) - 1);
strncat(searchPath, bindingPath, bindingPath_len);
return searchPath;
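Review bot: `sizeof(searchPath) - 1` is not the space left in the buffer: it ignores what is already stored in `searchPath`, and since the function returns `searchPath` it may well be a pointer, in which case `sizeof` yields the pointer size. Appending `":"` copies one character either way, so the line behaves exactly like the removed `strncat(searchPath, ":", 1)` while suggesting a bound that is not there. The real limit is the size of the allocation, which is set outside this hunk; the bound should be derived from it as `<capacity> - strlen(searchPath) - 1`, where `<capacity>` stands for that allocated size. The same applies to the neighbouring `strncat` calls bounded by `CTL_PLGN_len` and `bindingPath_len`, which are source lengths rather than remaining space.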