From 12af59f130372022695276c24333420e78ac8c45 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Mon, 11 Apr 2005 20:09:33 +0000 Subject: [PATCH] * Began an assault on strcpy() --- webcit/ChangeLog | 4 +++ webcit/auth.c | 35 ++++++++++++---------- webcit/vcard.c | 2 +- webcit/vcard_edit.c | 10 +++---- webcit/webcit.c | 73 ++++++++++++++++++++++----------------------- webcit/webserver.c | 11 +++---- 6 files changed, 71 insertions(+), 64 deletions(-) diff --git a/webcit/ChangeLog b/webcit/ChangeLog index d54b65481..461541b40 100644 --- a/webcit/ChangeLog +++ b/webcit/ChangeLog @@ -1,4 +1,7 @@ $Log$ +Revision 610.3 2005/04/11 20:09:33 ajc +* Began an assault on strcpy() + Revision 610.2 2005/04/11 14:45:12 ajc * Replaced serv_gets() with serv_getln() - which now requires the caller to supply the size of the target buffer. @@ -2509,3 +2512,4 @@ Sun Dec 6 19:50:55 EST 1998 Art Cancro 1998-12-03 Nathan Bryant * webserver.c: warning fix + diff --git a/webcit/auth.c b/webcit/auth.c index 06150fa1f..1564dbc4c 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -78,7 +78,7 @@ void become_logged_in(char *user, char *pass, char *serv_response) WC->logged_in = 1; extract_token(WC->wc_username, &serv_response[4], 0, '|', sizeof WC->wc_username); - strcpy(WC->wc_password, pass); + safestrncpy(WC->wc_password, pass, sizeof WC->wc_password); WC->axlevel = extract_int(&serv_response[4], 1); if (WC->axlevel >= 6) { WC->is_aide = 1; @@ -195,7 +195,7 @@ void do_welcome(void) */ get_preference("startpage", buf, sizeof buf); if (strlen(buf)==0) { - strcpy(buf, "/dotskip&room=_BASEROOM_"); + safestrncpy(buf, "/dotskip&room=_BASEROOM_", sizeof buf); set_preference("startpage", buf); } http_redirect(buf); 
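Review bot: The bounded copy into `WC->wc_password` in become_logged_in() will silently shorten a password that does not fit, assuming safestrncpy() truncates and NUL-terminates (its definition is not part of this patch). For credentials, a value that is too long is better rejected than stored in shortened form; the same applies to `newpass1`/`newpass2` (32 bytes each) in changepw() and to `WC->httpauth_pass` in session_loop(). In changepw() both fields are cut at the same point, so the confirmation compare still passes and the user is never told. A check such as `if (strlen(bstr("newpass1")) >= sizeof newpass1)` that sets an ImportantMessage before the copies would make this visible. become_logged_in() continues outside the hunk.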
@@ -216,9 +216,9 @@ void do_logout(void) { char buf[SIZ]; - strcpy(WC->wc_username, ""); - strcpy(WC->wc_password, ""); - strcpy(WC->wc_roomname, ""); + safestrncpy(WC->wc_username, "", sizeof WC->wc_username); + safestrncpy(WC->wc_password, "", sizeof WC->wc_password); + safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname); /* Calling output_headers() this way causes the cookies to be un-set */ output_headers(1, 1, 0, 1, 0, 0, 0); @@ -267,7 +267,7 @@ void validate(void) "\n
\n" ); - strcpy(buf, bstr("user")); + safestrncpy(buf, bstr("user"), sizeof buf); if (strlen(buf) > 0) if (strlen(bstr("axlevel")) > 0) { serv_printf("VALI %s|%s", buf, bstr("axlevel")); @@ -289,7 +289,7 @@ void validate(void) "
\n"); wprintf("
"); - strcpy(user, &buf[4]); + safestrncpy(user, &buf[4], sizeof user); serv_printf("GREG %s", user); serv_getln(cmd, sizeof cmd); if (cmd[0] == '1') { @@ -392,7 +392,7 @@ void display_changepw(void) wprintf("" "%s
\n", WC->ImportantMessage); do_template("endbox"); - strcpy(WC->ImportantMessage, ""); + safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage); } wprintf("
" @@ -432,25 +432,28 @@ void changepw(void) char newpass1[32], newpass2[32]; if (strcmp(bstr("action"), "Change")) { - strcpy(WC->ImportantMessage, - "Cancelled. Password was not changed."); + safestrncpy(WC->ImportantMessage, + "Cancelled. Password was not changed.", + sizeof WC->ImportantMessage); display_main_menu(); return; } - strcpy(newpass1, bstr("newpass1")); - strcpy(newpass2, bstr("newpass2")); + safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1); + safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2); if (strcasecmp(newpass1, newpass2)) { - strcpy(WC->ImportantMessage, - "They don't match. Password was not changed."); + safestrncpy(WC->ImportantMessage, + "They don't match. Password was not changed.", + sizeof WC->ImportantMessage); display_changepw(); return; } if (strlen(newpass1) == 0) { - strcpy(WC->ImportantMessage, - "Blank passwords are not allowed."); + safestrncpy(WC->ImportantMessage, + "Blank passwords are not allowed.", + sizeof WC->ImportantMessage); display_changepw(); return; } diff --git a/webcit/vcard.c b/webcit/vcard.c index 7c1ebae86..bbe0485bd 100644 --- a/webcit/vcard.c +++ b/webcit/vcard.c @@ -245,7 +245,7 @@ char *vcard_serialize(struct vCard *v) ser = malloc(len); if (ser == NULL) return NULL; - strcpy(ser, "begin:vcard\r\n"); + safestrncpy(ser, "begin:vcard\r\n", len); if (v->numprops) for (i=0; i<(v->numprops); ++i) { strcat(ser, v->prop[i].name); strcat(ser, ":"); diff --git a/webcit/vcard_edit.c b/webcit/vcard_edit.c index 0c70975b0..bcb79387c 100644 --- a/webcit/vcard_edit.c +++ b/webcit/vcard_edit.c @@ -81,7 +81,7 @@ void do_edit_vcard(long msgnum, char *partnum, char *return_to) { org[0] = 0; extrafields[0] = 0; - strcpy(whatuser, ""); + safestrncpy(whatuser, "", sizeof whatuser); if (msgnum >= 0) { sprintf(buf, "MSG0 %ld|1", msgnum); 
@@ -93,7 +93,7 @@ void do_edit_vcard(long msgnum, char *partnum, char *return_to) { } while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) { if (!strncasecmp(buf, "from=", 5)) { - strcpy(whatuser, &buf[5]); + safestrncpy(whatuser, &buf[5], sizeof whatuser); } else if (!strncasecmp(buf, "node=", 5)) { strcat(whatuser, " @ "); @@ -135,11 +135,11 @@ void do_edit_vcard(long msgnum, char *partnum, char *return_to) { } else if (!strcasecmp(key, "title")) { - strcpy(title, value); + safestrncpy(title, value, sizeof title); } else if (!strcasecmp(key, "org")) { - strcpy(org, value); + safestrncpy(org, value, sizeof org); } else if (!strcasecmp(key, "adr")) { @@ -162,7 +162,7 @@ void do_edit_vcard(long msgnum, char *partnum, char *return_to) { else if (!strcasecmp(key, "email;internet")) { if (primary_inetemail[0] == 0) { - strcpy(primary_inetemail, value); + safestrncpy(primary_inetemail, value, sizeof primary_inetemail); } else { if (other_inetemail[0] != 0) { diff --git a/webcit/webcit.c b/webcit/webcit.c index af8b4fbd7..5e8568cf6 100644 --- a/webcit/webcit.c +++ b/webcit/webcit.c @@ -87,7 +87,7 @@ void addurls(char *url) u = (struct urlcontent *) malloc(sizeof(struct urlcontent)); u->next = WC->urlstrings; WC->urlstrings = u; - strcpy(u->url_key, buf); + safestrncpy(u->url_key, buf, sizeof u->url_key); /* now chop that part off */ for (a = 0; a <= b; ++a) @@ -109,7 +109,7 @@ void addurls(char *url) strcpy(ptr, ""); u->url_data = malloc(strlen(up) + 2); - strcpy(u->url_data, up); + safestrncpy(u->url_data, up, sizeof u->url_data); u->url_data[b] = 0; unescape_input(u->url_data); up = ptr; @@ -441,7 +441,7 @@ void output_headers( int do_httpheaders, /* 1 = output HTTP headers "%s
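Review bot: The `strcat(whatuser, " @ ");` in the `node=` branch, right after the new bounded copy, is still unbounded, so a `from=` value that fills `whatuser` leaves no room for the separator or for what is appended after it (presumably the node name). Both values come from the server reply in `buf`, and the size of `whatuser` is not visible in this hunk. Appending with a length-aware call, for example `snprintf(&whatuser[strlen(whatuser)], sizeof whatuser - strlen(whatuser), " @ %s", &buf[5]);`, would keep the combined field inside the buffer. The loop body continues outside the hunk.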
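Review bot: In the second addurls() hunk (@@ -109), `sizeof u->url_data` is the size of a pointer, not of the allocation, because `url_data` is assigned from malloc() on the line before. The copy is therefore capped at 4 or 8 bytes and every longer form value is cut short, which is a functional regression from the strcpy() it replaces. Keep the allocation size in a local and pass that instead: `size_t n = strlen(up) + 2;`, `u->url_data = malloc(n);`, `safestrncpy(u->url_data, up, n);`. Neither this malloc() nor the one for `u` in the previous hunk is checked for NULL before the result is written through.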
\n", WC->ImportantMessage); do_template("endbox"); wprintf("
\n"); - strcpy(WC->ImportantMessage, ""); + safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage); } } @@ -528,12 +528,12 @@ void http_transmit_thing(char *thing, size_t length, char *content_type, void output_static(char *what) { - char buf[4096]; + char buf[256]; FILE *fp; struct stat statbuf; off_t bytes; char *bigbuffer; - char content_type[SIZ]; + char content_type[128]; sprintf(buf, "static/%s", what); fp = fopen(buf, "rb"); 
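Review bot: `sprintf(buf, "static/%s", what);` in output_static() is still unbounded, and this hunk shrinks `buf` from 4096 to 256 bytes, so any `what` longer than 248 characters now writes past the end of the stack buffer. The caller is not visible here, but `what` appears to be taken from the request line in session_loop(), where it is copied into a buffer of `sizeof buf` bytes, so the source can be larger than the destination. Replace the call with `int n = snprintf(buf, sizeof buf, "static/%s", what);` and treat `n < 0 || (size_t)n >= sizeof buf` as a not-found error instead of opening a truncated path. The function body continues outside the hunk.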
@@ -544,40 +544,38 @@ void output_static(char *what) wprintf("Cannot open %s: %s\n", what, strerror(errno)); } else { if (!strncasecmp(&what[strlen(what) - 4], ".gif", 4)) - strcpy(content_type, "image/gif"); + safestrncpy(content_type, "image/gif", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".txt", 4)) - strcpy(content_type, "text/plain"); + safestrncpy(content_type, "text/plain", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".css", 4)) - strcpy(content_type, "text/css"); + safestrncpy(content_type, "text/css", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".jpg", 4)) - strcpy(content_type, "image/jpeg"); + safestrncpy(content_type, "image/jpeg", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".png", 4)) - strcpy(content_type, "image/png"); + safestrncpy(content_type, "image/png", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".ico", 4)) - strcpy(content_type, "image/x-icon"); + safestrncpy(content_type, "image/x-icon", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 5], ".html", 5)) - strcpy(content_type, "text/html"); + safestrncpy(content_type, "text/html", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".htm", 4)) - strcpy(content_type, "text/html"); + safestrncpy(content_type, "text/html", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 4], ".wml", 4)) - strcpy(content_type, "text/vnd.wap.wml"); + safestrncpy(content_type, "text/vnd.wap.wml", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 5], ".wmls", 5)) - strcpy(content_type, "text/vnd.wap.wmlscript"); + safestrncpy(content_type, "text/vnd.wap.wmlscript", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 5], ".wmlc", 5)) - strcpy(content_type, "application/vnd.wap.wmlc"); + safestrncpy(content_type, "application/vnd.wap.wmlc", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 6], ".wmlsc", 
6)) - strcpy(content_type, "application/vnd.wap.wmlscriptc"); + safestrncpy(content_type, "application/vnd.wap.wmlscriptc", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 5], ".wbmp", 5)) - strcpy(content_type, "image/vnd.wap.wbmp"); + safestrncpy(content_type, "image/vnd.wap.wbmp", sizeof content_type); else if (!strncasecmp(&what[strlen(what) - 3], ".js", 3)) - strcpy(content_type, "text/javascript"); + safestrncpy(content_type, "text/javascript", sizeof content_type); else - strcpy(content_type, "application/octet-stream"); + safestrncpy(content_type, "application/octet-stream", sizeof content_type); fstat(fileno(fp), &statbuf); bytes = statbuf.st_size; - /* lprintf(3, "Static: %s, (%s; %ld bytes)\r\n", - what, content_type, bytes); */ bigbuffer = malloc(bytes + 2); fread(bigbuffer, bytes, 1, fp); fclose(fp); @@ -757,8 +755,9 @@ void offer_start_page(void) { void change_start_page(void) { if (bstr("startpage") == NULL) { - strcpy(WC->ImportantMessage, - "startpage set to null"); + safestrncpy(WC->ImportantMessage, + "startpage set to null", + sizeof WC->ImportantMessage); display_main_menu(); return; } @@ -886,12 +885,12 @@ void session_loop(struct httprequest *req) char c_httpauth_pass[SIZ]; char cookie[SIZ]; - strcpy(c_username, ""); - strcpy(c_password, ""); - strcpy(c_roomname, ""); - strcpy(c_httpauth_string, ""); - strcpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER); - strcpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS); + safestrncpy(c_username, "", sizeof c_username); + safestrncpy(c_password, "", sizeof c_password); + safestrncpy(c_roomname, "", sizeof c_roomname); + safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string); + safestrncpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER, sizeof c_httpauth_user); + safestrncpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS, sizeof c_httpauth_pass); WC->upload_length = 0; WC->upload = NULL; 
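Review bot: Every branch of the suffix chain in output_static() still indexes `&what[strlen(what) - 4]` (or `- 5`, `- 6`, `- 3`) without checking that `what` is that long, so a name shorter than the suffix makes the unsigned subtraction wrap and the compare read out of bounds. Since the hunk rewrites all fifteen assignments anyway, a small suffix table with one length-checked loop removes both the repetition and the out-of-range read. `malloc(bytes + 2)` and `fread()` at the end of the hunk are also used unchecked. output_static() starts and ends outside this hunk.

```c
	/* … unchanged: fopen() failure branch … */
	} else {
		static const struct {
			const char *suffix;
			const char *type;
		} static_types[] = {
			{ ".gif",  "image/gif" },
			{ ".txt",  "text/plain" },
			/* … remaining suffix/type pairs from the existing chain … */
		};
		size_t wlen = strlen(what);
		size_t i;

		safestrncpy(content_type, "application/octet-stream", sizeof content_type);
		for (i = 0; i < sizeof static_types / sizeof static_types[0]; ++i) {
			size_t slen = strlen(static_types[i].suffix);
			if (wlen >= slen
			   && !strcasecmp(&what[wlen - slen], static_types[i].suffix)) {
				safestrncpy(content_type, static_types[i].type, sizeof content_type);
				break;
			}
		}
		/* … unchanged: fstat(), read into bigbuffer … */
```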
@@ -902,13 +901,13 @@ void session_loop(struct httprequest *req) hptr = req; if (hptr == NULL) return; - strcpy(cmd, hptr->line); + safestrncpy(cmd, hptr->line, sizeof cmd); hptr = hptr->next; extract_token(method, cmd, 0, ' ', sizeof method); extract_action(action, cmd); while (hptr != NULL) { - strcpy(buf, hptr->line); + safestrncpy(buf, hptr->line, sizeof buf); hptr = hptr->next; if (!strncasecmp(buf, "Cookie: webcit=", 15)) { @@ -949,7 +948,7 @@ void session_loop(struct httprequest *req) ContentType, ContentLength); body_start = strlen(content); - /* Be daring and read it all at once. */ + /* Read the entire input data at once. */ client_read(WC->http_sock, &content[BytesRead+body_start], ContentLength); @@ -983,7 +982,7 @@ void session_loop(struct httprequest *req) /* Static content can be sent without connecting to Citadel. */ if (!strcasecmp(action, "static")) { - strcpy(buf, &cmd[12]); + safestrncpy(buf, &cmd[12], sizeof buf); for (a = 0; a < strlen(buf); ++a) if (isspace(buf[a])) buf[a] = 0; @@ -1061,8 +1060,8 @@ void session_loop(struct httprequest *req) if (buf[0] == '2') { become_logged_in(c_httpauth_user, c_httpauth_pass, buf); - strcpy(WC->httpauth_user, c_httpauth_user); - strcpy(WC->httpauth_pass, c_httpauth_pass); + safestrncpy(WC->httpauth_user, c_httpauth_user, sizeof WC->httpauth_user); + safestrncpy(WC->httpauth_pass, c_httpauth_pass, sizeof WC->httpauth_pass); } } } @@ -1118,7 +1117,7 @@ void session_loop(struct httprequest *req) serv_printf("GOTO %s", c_roomname); serv_getln(buf, sizeof buf); if (buf[0] == '2') { - strcpy(WC->wc_roomname, c_roomname); + safestrncpy(WC->wc_roomname, c_roomname, sizeof WC->wc_roomname); } } diff --git a/webcit/webserver.c b/webcit/webserver.c index 70078b4c6..e43cd89fb 100644 --- a/webcit/webserver.c +++ b/webcit/webserver.c 
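Review bot: In the static-content branch of session_loop() (@@ -983), the copy starts at the fixed offset `&cmd[12]`, which is only correct when the request line is at least 12 bytes long and starts with a three-letter method followed by `/static/`. For a shorter line the copy starts beyond the terminator of `cmd` and picks up whatever bytes follow it. Checking `strlen(cmd) > 12` before the copy, or deriving the offset from the already parsed `method` and `action`, would remove that assumption. The hunk also shows no validation of the resulting name, so it is worth confirming that `..` components and absolute paths are rejected before the name is handed on (presumably to output_static(), which prepends `static/`). The function continues outside the hunk.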
@@ -421,13 +421,13 @@ int main(int argc, char **argv) #endif switch (a) { case 'i': - strcpy(ip_addr, optarg); + safestrncpy(ip_addr, optarg, sizeof ip_addr); break; case 'p': port = atoi(optarg); break; case 't': - strcpy(tracefile, optarg); + safestrncpy(tracefile, optarg, sizeof tracefile); freopen(tracefile, "w", stdout); freopen(tracefile, "w", stderr); freopen(tracefile, "r", stdin); @@ -436,10 +436,11 @@ int main(int argc, char **argv) verbosity = atoi(optarg); break; case 'c': - server_cookie = malloc(SIZ); + server_cookie = malloc(256); if (server_cookie != NULL) { - strcpy(server_cookie, - "Set-cookie: wcserver="); + safestrncpy(server_cookie, + "Set-cookie: wcserver=", + 256); if (gethostname (&server_cookie[strlen(server_cookie)], 200) != 0) { -- 2.39.2
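Review bot: In the `-c` case of main() (@@ -436), the literal `256` is now written twice and the `200` passed to gethostname() is only safe because the 21-byte prefix plus 200 stays below it; nothing ties the three numbers together. Defining the size once (a constant such as `SERVER_COOKIE_LEN`, a name constructed for this note) and passing `SERVER_COOKIE_LEN - strlen(server_cookie) - 1` to gethostname() would keep them consistent. gethostname() is also not required to NUL-terminate a truncated name and the buffer comes from malloc(), so an explicit `server_cookie[SERVER_COOKIE_LEN - 1] = 0;` or a calloc() is needed before the string is used. The `case` body continues outside the hunk.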