author | Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 00:26:01 +0200 |
---|---|---|
committer | Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 23:08:12 +0200 |
commit | 71df9e17920283b8170bb65da98e279cb508e9b9 (patch) | |
tree | 0e3e8a8df04125cf7be72ea9c0bcc8362cf19a22 | |
parent | 77c5fe6240f08a55f61afc8d0ed48129bd8394d2 (diff) |
Good usage of strncat and strncpy
This change ensures that nothing is written past the end of the
destination buffer
Change-Id: Ic213e70fab83dfae39a8ff030c823a6ce68aab64
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
-rw-r--r-- | ctl-lib/ctl-action.c | 28 | ||||
-rw-r--r-- | ctl-lib/ctl-config.c | 14 | ||||
-rw-r--r-- | ctl-lib/ctl-lua.c | 18 | ||||
-rw-r--r-- | ctl-lib/ctl-plugin.c | 15 |
4 files changed, 39 insertions, 36 deletions
diff --git a/ctl-lib/ctl-action.c b/ctl-lib/ctl-action.c index e1329e2..c8df2c7 100644 --- a/ctl-lib/ctl-action.c +++ b/ctl-lib/ctl-action.c @@ -139,30 +139,26 @@ static void ActionDynRequest(AFB_ReqT request) { void ParseURI(const char *uri, char **first, char **second) { - size_t first_len = 0, second_len = 0; - const char *tmp; + int i; + char *tmp; if(! uri || ! first || ! second) { return; } - tmp = strchr(uri, '#'); - first_len = strlen(uri); + tmp = strdup(uri); + *first = tmp; - if (!tmp) { - *first = calloc(1, sizeof(char) * first_len); - strcpy(*first, uri); + for(i = 0; i < strlen(uri); ++i) { + if(tmp[i] == '#') { + tmp[i] = '\0'; + *second = &tmp[++i]; + break; + } } - else { - second_len = strlen(tmp); - first_len = first_len - second_len; - *first = calloc(1, sizeof(char) * first_len); - *second = calloc(1, sizeof(char) * second_len); - - strncpy(*first, uri, first_len); - strncpy(*second, tmp+1, second_len); - } + if(tmp[i] == '\0') + *second = ""; } /*** This function will fill the CtlActionT pointer given in parameters for a diff --git a/ctl-lib/ctl-config.c b/ctl-lib/ctl-config.c index cac8c75..ce1e6fe 100644 --- a/ctl-lib/ctl-config.c +++ b/ctl-lib/ctl-config.c @@ -43,11 +43,13 @@ int CtlConfigMagicNew() { } json_object* CtlConfigScan(const char *dirList, const char *prefix) { - char controlFile [CONTROL_MAXPATH_LEN]; + char controlFile[CONTROL_MAXPATH_LEN]; const char *binderName = GetBinderName(); - strncpy(controlFile, prefix, strlen(prefix)+1); - strncat(controlFile, binderName, strlen(binderName)); + controlFile[CONTROL_MAXPATH_LEN - 1] = '\0'; + + strncpy(controlFile, prefix, CONTROL_MAXPATH_LEN - 1); + strncat(controlFile, binderName, CONTROL_MAXPATH_LEN - strlen(controlFile) - 1); // search for default dispatch config file json_object* responseJ = ScanForConfig(dirList, CTL_SCAN_RECURSIVE, controlFile, ".json"); 
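Review bot: The result of `strdup(uri)` in ParseURI is used without a NULL check, so an allocation failure is dereferenced at `tmp[i]` inside the loop and again in the final `if(tmp[i] == '\0')`. A guard right after the call, `if(!tmp) { *first = NULL; *second = NULL; return; }`, would keep the failure visible, provided callers test the outputs. `*second` now points either into the `*first` allocation or at the literal `""`, whereas the removed code gave it its own `calloc` block; any caller that frees or writes through `*second` (callers are not visible here) has to change, and a comment on the function should state that only `*first` is to be freed. `strlen(uri)` in the loop condition is re-evaluated on every iteration and compared against a signed `int`; `strchr(tmp, '#')` would replace the loop.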
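Review bot: Truncation is silent in CtlConfigScan: when `prefix` plus `binderName` does not fit in `controlFile`, the shortened string is passed to `ScanForConfig` as if it were the intended prefix. The same pattern is repeated in the ConfigSearch, LuaDoScript, PluginLoadCOne and LoadFoundPlugins hunks, where the result is used as a file path or, in PluginLoadCOne, as the symbol name given to `dlsym`. Building the string with `int n = snprintf(controlFile, sizeof controlFile, "%s%s", prefix, binderName);` and rejecting `n < 0 || (size_t)n >= sizeof controlFile` bounds the write and reports the overflow in one step. It also avoids `strncpy` zero-filling the whole buffer on every call.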
@@ -69,9 +71,9 @@ char* ConfigSearch(AFB_ApiT apiHandle, json_object *responseJ) { } if (index == 0) { - strncpy(filepath, fullpath, strlen(fullpath)+1); - strncat(filepath, "/", strlen("/")); - strncat(filepath, filename, strlen(filename)); + strncpy(filepath, fullpath, CONTROL_MAXPATH_LEN - 1); + strncat(filepath, "/", CONTROL_MAXPATH_LEN - strlen(filepath) - 1); + strncat(filepath, filename, CONTROL_MAXPATH_LEN - strlen(filepath) - 1); } } diff --git a/ctl-lib/ctl-lua.c b/ctl-lib/ctl-lua.c index c2f2376..3abf330 100644 --- a/ctl-lib/ctl-lua.c +++ b/ctl-lib/ctl-lua.c @@ -745,6 +745,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { json_object *argsJ = NULL; static json_object *luaScriptPathJ = NULL; + luaScriptPath[CONTROL_MAXPATH_LEN - 1] = '\0'; + if (!queryJ) { return -1; } @@ -761,9 +763,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // search for filename=script in CONTROL_LUA_PATH if (!luaScriptPathJ) { - strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, strlen(CONTROL_DOSCRIPT_PRE) + 1); - strncat(luaScriptPath, "-", strlen("-")); - strncat(luaScriptPath, uid, strlen(uid)); + strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, "-", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); + strncat(luaScriptPath, uid, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); luaScriptPathJ = ScanForConfig(luaScriptPath, CTL_SCAN_RECURSIVE, luaScriptPath, ".lua"); } 
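Review bot: Unlike the other functions touched by this commit, ConfigSearch gets no `filepath[CONTROL_MAXPATH_LEN - 1] = '\0';` in this hunk, so `strncpy(filepath, fullpath, CONTROL_MAXPATH_LEN - 1)` can leave `filepath` unterminated when `fullpath` is at least that long. The following `strlen(filepath)` would then read past the buffer, and `CONTROL_MAXPATH_LEN - strlen(filepath) - 1` can wrap to a very large `size_t`, which removes the bound from `strncat`. The declaration of `filepath` is outside the hunk; unless it is static or zero-initialised, and exactly `CONTROL_MAXPATH_LEN` bytes, set the terminator before the copy or derive the bound from the real buffer size.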
@@ -778,9 +780,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // Ignoring other found script. Only take the first one. if (!index) { - strncpy(luaScriptPath, fullpath, strlen(fullpath) + 1); - strncat(luaScriptPath, "/", strlen("/")); - strncat(luaScriptPath, filename, strlen(filename)); + strncpy(luaScriptPath, fullpath, CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, "/", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); + strncat(luaScriptPath, filename, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); } } @@ -792,8 +794,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // if no func name given try to deduct from filename if (!func && (func = (char*) GetMidleName(filename)) != NULL) { - strncpy(luaScriptPath, "_", strlen("_") + 1); - strncat(luaScriptPath, func, strlen(func)); + strncpy(luaScriptPath, "_", CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, func, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); func = luaScriptPath; } if (!func) { diff --git a/ctl-lib/ctl-plugin.c b/ctl-lib/ctl-plugin.c index 0029b68..2097afa 100644 --- a/ctl-lib/ctl-plugin.c +++ b/ctl-lib/ctl-plugin.c @@ -113,8 +113,9 @@ static int PluginLoadCOne(AFB_ApiT apiHandle, const char *pluginpath, json_objec if(ctlPlugin->ctlL2cFunc->l2cCount) {index += ctlPlugin->ctlL2cFunc->l2cCount+1;} char funcName[CONTROL_MAXPATH_LEN]; - strncpy(funcName, "lua2c_", strlen ("lua2c_")+1); - strncat(funcName, l2cName, strlen (l2cName)); + funcName[CONTROL_MAXPATH_LEN - 1] = '\0'; + strncpy(funcName, "lua2c_", CONTROL_MAXPATH_LEN - 1); + strncat(funcName, l2cName, CONTROL_MAXPATH_LEN - strlen (funcName) - 1); Lua2cFunctionT l2cFunction = (Lua2cFunctionT) dlsym(dlHandle, funcName); if (!l2cFunction) { @@ -194,6 +195,8 @@ static int LoadFoundPlugins(AFB_ApiT apiHandle, json_object *scanResult, json_ob size_t len; json_object *object = NULL; + pluginpath[CONTROL_MAXPATH_LEN - 1] = '\0'; + if (!json_object_is_type(scanResult, json_type_array)) return -1; 
@@ -212,9 +215,9 @@ static int LoadFoundPlugins(AFB_ApiT apiHandle, json_object *scanResult, json_ob /* Make sure you don't load two found libraries */ ext = strrchr(filename, '.'); - strncpy(pluginpath, fullpath, strlen (fullpath)+1); - strncat(pluginpath, "/", strlen ("/")); - strncat(pluginpath, filename, strlen (filename)); + strncpy(pluginpath, fullpath, CONTROL_MAXPATH_LEN - 1); + strncat(pluginpath, "/", CONTROL_MAXPATH_LEN - strlen(pluginpath) - 1); + strncat(pluginpath, filename, CONTROL_MAXPATH_LEN - strlen (pluginpath) - 1); if(!strcasecmp(ext, CTL_PLUGIN_EXT)) { if(ext && !strcasecmp(ext, CTL_PLUGIN_EXT) && i > 0) { @@ -259,7 +262,7 @@ static char *GetDefaultSearchPath(AFB_ApiT apiHandle) strncat(searchPath, CONTROL_PLUGIN_PATH, CTL_PLGN_len); } - strncat(searchPath, ":", 1); + strncat(searchPath, ":", sizeof(searchPath) - 1); strncat(searchPath, bindingPath, bindingPath_len); return searchPath; |
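Review bot: `ext` is NULL when `filename` contains no '.', and the outer `if(!strcasecmp(ext, CTL_PLUGIN_EXT))` passes it to `strcasecmp` before the inner `ext &&` test can help. `filename` appears to come from the directory scan result, so a file without an extension in a plugin directory would be enough to reach it; the outer test should read `if(ext && !strcasecmp(ext, CTL_PLUGIN_EXT)) {`. The body of LoadFoundPlugins continues outside the hunk.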
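Review bot: `sizeof(searchPath) - 1` is not a bound on the remaining space: the third argument of `strncat` limits how many characters are appended, and GetDefaultSearchPath returns `searchPath` as `char *`, so if it is declared as a pointer (the declaration is outside the hunk) `sizeof` yields the pointer size. For the one-character `":"` the call behaves as before, but it reads as a size check that is not there. The neighbouring `strncat(searchPath, CONTROL_PLUGIN_PATH, CTL_PLGN_len)` and `strncat(searchPath, bindingPath, bindingPath_len)` still pass the source length, which bounds nothing; all three should use the allocated size minus `strlen(searchPath)` minus 1, or a single `snprintf` into the buffer.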