[app/sessreg] Replace strncpy calls with a sane version that always terminates

Submitted by Peter Hutterer on Sept. 12, 2018, 4:50 a.m.

Details

Message ID 20180912045036.GA5906@jelly
State New
Series "Replace strncpy calls with a sane version that always terminates"
Headers show

Commit Message

Peter Hutterer Sept. 12, 2018, 4:50 a.m.
Fixes coverity complaints about potentially unterminated strings

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 sessreg.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

Patch hide | download patch | download mbox

diff --git a/sessreg.c b/sessreg.c
index 0a8fdb2..53b30b0 100644
--- a/sessreg.c
+++ b/sessreg.c
@@ -192,6 +192,14 @@  sysnerr (int x, const char *s)
 	return x;
 }
 
+static void
+safe_strncpy(char *dest, const char *src, size_t n)
+{
+    (void)strncpy(dest, src, n);
+    if (n > 0)
+        dest[n - 1] = '\0';
+}
+
 int
 main (int argc, char **argv)
 {
@@ -406,9 +414,9 @@  main (int argc, char **argv)
 			memset(&ll, 0, sizeof(ll));
 			ll.ll_time = current_time;
 			if (line)
-			 (void) strncpy (ll.ll_line, line, sizeof (ll.ll_line));
+			 safe_strncpy (ll.ll_line, line, sizeof (ll.ll_line));
 			if (host_name)
-			 (void) strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
+			 safe_strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
 
 			sysnerr (write (llog, (char *) &ll, sizeof (ll))
 					== sizeof (ll), "write lastlog entry");
@@ -429,11 +437,11 @@  set_utmp (struct utmp *u, char *line, char *user, char *host, time_t date, int a
 {
 	memset (u, 0, sizeof (*u));
 	if (line)
-		(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
+		safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
 	else
 		memset (u->ut_line, 0, sizeof (u->ut_line));
 	if (addp && user)
-		(void) strncpy (u->ut_name, user, sizeof (u->ut_name));
+		safe_strncpy (u->ut_name, user, sizeof (u->ut_name));
 	else
 		memset (u->ut_name, 0, sizeof (u->ut_name));
 #ifdef HAVE_STRUCT_UTMP_UT_ID
@@ -451,7 +459,7 @@  set_utmp (struct utmp *u, char *line, char *user, char *host, time_t date, int a
 			i -= sizeof (u->ut_id);
 		else
 			i = 0;
-		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
+		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
 	} else
 		memset (u->ut_id, 0, sizeof (u->ut_id));
 #endif
@@ -469,7 +477,7 @@  set_utmp (struct utmp *u, char *line, char *user, char *host, time_t date, int a
 #endif
 #ifdef HAVE_STRUCT_UTMP_UT_HOST
 	if (addp && host)
-		(void) strncpy (u->ut_host, host, sizeof (u->ut_host));
+		safe_strncpy (u->ut_host, host, sizeof (u->ut_host));
 	else
 		memset (u->ut_host, 0, sizeof (u->ut_host));
 #endif
@@ -513,7 +521,7 @@  set_utmpx (struct utmpx *u, const char *line, const char *user,
 		if(strcmp(line, ":0") == 0)
 			(void) strcpy(u->ut_line, "console");
 		else
-			(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
+			safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
 
 		strncpy(u->ut_host, line, sizeof(u->ut_host));
 #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
@@ -523,7 +531,7 @@  set_utmpx (struct utmpx *u, const char *line, const char *user,
 	else
 		memset (u->ut_line, 0, sizeof (u->ut_line));
 	if (addp && user)
-		(void) strncpy (u->ut_user, user, sizeof (u->ut_user));
+		safe_strncpy (u->ut_user, user, sizeof (u->ut_user));
 	else
 		memset (u->ut_user, 0, sizeof (u->ut_user));
 
@@ -541,7 +549,7 @@  set_utmpx (struct utmpx *u, const char *line, const char *user,
 			i -= sizeof (u->ut_id);
 		else
 			i = 0;
-		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
+		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
 
 		/* make sure there is no entry using identical ut_id */
 		if (!UtmpxIdOpen(u->ut_id) && addp) {

Comments

Walter Harms Sept. 12, 2018, 7:09 a.m.
> Peter Hutterer <peter.hutterer@who-t.net> hat am 12. September 2018 um 06:50
> geschrieben:
> 
> 
> Fixes coverity complaints about potentially unterminated strings
> 
> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> ---
>  sessreg.c | 26 +++++++++++++++++---------
>  1 file changed, 17 insertions(+), 9 deletions(-)
> 
> diff --git a/sessreg.c b/sessreg.c
> index 0a8fdb2..53b30b0 100644
> --- a/sessreg.c
> +++ b/sessreg.c
> @@ -192,6 +192,14 @@ sysnerr (int x, const char *s)
>  	return x;
>  }
>  
> +static void
> +safe_strncpy(char *dest, const char *src, size_t n)
> +{

if you add
     if (!src)
          return;

you can also remove the if (x) before strncpy()

> +    (void)strncpy(dest, src, n);
> +    if (n > 0)
> +        dest[n - 1] = '\0';
> +}
> +


just my 2 cents

re,
 wh

>  int
>  main (int argc, char **argv)
>  {
> @@ -406,9 +414,9 @@ main (int argc, char **argv)
>  			memset(&ll, 0, sizeof(ll));
>  			ll.ll_time = current_time;
>  			if (line)
> -			 (void) strncpy (ll.ll_line, line, sizeof (ll.ll_line));
> +			 safe_strncpy (ll.ll_line, line, sizeof (ll.ll_line));
>  			if (host_name)
> -			 (void) strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
> +			 safe_strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
>  
>  			sysnerr (write (llog, (char *) &ll, sizeof (ll))
>  					== sizeof (ll), "write lastlog entry");
> @@ -429,11 +437,11 @@ set_utmp (struct utmp *u, char *line, char *user, char
> *host, time_t date, int a
>  {
>  	memset (u, 0, sizeof (*u));
>  	if (line)
> -		(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
> +		safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
>  	else
>  		memset (u->ut_line, 0, sizeof (u->ut_line));
>  	if (addp && user)
> -		(void) strncpy (u->ut_name, user, sizeof (u->ut_name));
> +		safe_strncpy (u->ut_name, user, sizeof (u->ut_name));
>  	else
>  		memset (u->ut_name, 0, sizeof (u->ut_name));
>  #ifdef HAVE_STRUCT_UTMP_UT_ID
> @@ -451,7 +459,7 @@ set_utmp (struct utmp *u, char *line, char *user, char
> *host, time_t date, int a
>  			i -= sizeof (u->ut_id);
>  		else
>  			i = 0;
> -		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> +		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
>  	} else
>  		memset (u->ut_id, 0, sizeof (u->ut_id));
>  #endif
> @@ -469,7 +477,7 @@ set_utmp (struct utmp *u, char *line, char *user, char
> *host, time_t date, int a
>  #endif
>  #ifdef HAVE_STRUCT_UTMP_UT_HOST
>  	if (addp && host)
> -		(void) strncpy (u->ut_host, host, sizeof (u->ut_host));
> +		safe_strncpy (u->ut_host, host, sizeof (u->ut_host));
>  	else
>  		memset (u->ut_host, 0, sizeof (u->ut_host));
>  #endif
> @@ -513,7 +521,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> *user,
>  		if(strcmp(line, ":0") == 0)
>  			(void) strcpy(u->ut_line, "console");
>  		else
> -			(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
> +			safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
>  
>  		strncpy(u->ut_host, line, sizeof(u->ut_host));
>  #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
> @@ -523,7 +531,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> *user,
>  	else
>  		memset (u->ut_line, 0, sizeof (u->ut_line));
>  	if (addp && user)
> -		(void) strncpy (u->ut_user, user, sizeof (u->ut_user));
> +		safe_strncpy (u->ut_user, user, sizeof (u->ut_user));
>  	else
>  		memset (u->ut_user, 0, sizeof (u->ut_user));
>  
> @@ -541,7 +549,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> *user,
>  			i -= sizeof (u->ut_id);
>  		else
>  			i = 0;
> -		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> +		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
>  
>  		/* make sure there is no entry using identical ut_id */
>  		if (!UtmpxIdOpen(u->ut_id) && addp) {
> -- 
> 2.17.1
> 
> _______________________________________________
> xorg-devel@lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: https://lists.x.org/mailman/listinfo/xorg-devel
Peter Hutterer Sept. 12, 2018, 8:24 a.m.
On Wed, Sep 12, 2018 at 09:09:22AM +0200, Walter Harms wrote:
> 
> 
> > Peter Hutterer <peter.hutterer@who-t.net> hat am 12. September 2018 um 06:50
> > geschrieben:
> > 
> > 
> > Fixes coverity complaints about potentially unterminated strings
> > 
> > Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> > ---
> >  sessreg.c | 26 +++++++++++++++++---------
> >  1 file changed, 17 insertions(+), 9 deletions(-)
> > 
> > diff --git a/sessreg.c b/sessreg.c
> > index 0a8fdb2..53b30b0 100644
> > --- a/sessreg.c
> > +++ b/sessreg.c
> > @@ -192,6 +192,14 @@ sysnerr (int x, const char *s)
> >  	return x;
> >  }
> >  
> > +static void
> > +safe_strncpy(char *dest, const char *src, size_t n)
> > +{
> 
> if you add
>      if (!src)
>           return;
> 
> you can also remove the if (x) before strncpy()

tbh, I'd rather touch this code as little as possible. there's more cleanup
possible but...

Cheers,
   Peter

> 
> > +    (void)strncpy(dest, src, n);
> > +    if (n > 0)
> > +        dest[n - 1] = '\0';
> > +}
> > +
> 
> 
> just my 2 cents
> 
> re,
>  wh
> 
> >  int
> >  main (int argc, char **argv)
> >  {
> > @@ -406,9 +414,9 @@ main (int argc, char **argv)
> >  			memset(&ll, 0, sizeof(ll));
> >  			ll.ll_time = current_time;
> >  			if (line)
> > -			 (void) strncpy (ll.ll_line, line, sizeof (ll.ll_line));
> > +			 safe_strncpy (ll.ll_line, line, sizeof (ll.ll_line));
> >  			if (host_name)
> > -			 (void) strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
> > +			 safe_strncpy (ll.ll_host, host_name, sizeof (ll.ll_host));
> >  
> >  			sysnerr (write (llog, (char *) &ll, sizeof (ll))
> >  					== sizeof (ll), "write lastlog entry");
> > @@ -429,11 +437,11 @@ set_utmp (struct utmp *u, char *line, char *user, char
> > *host, time_t date, int a
> >  {
> >  	memset (u, 0, sizeof (*u));
> >  	if (line)
> > -		(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
> > +		safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
> >  	else
> >  		memset (u->ut_line, 0, sizeof (u->ut_line));
> >  	if (addp && user)
> > -		(void) strncpy (u->ut_name, user, sizeof (u->ut_name));
> > +		safe_strncpy (u->ut_name, user, sizeof (u->ut_name));
> >  	else
> >  		memset (u->ut_name, 0, sizeof (u->ut_name));
> >  #ifdef HAVE_STRUCT_UTMP_UT_ID
> > @@ -451,7 +459,7 @@ set_utmp (struct utmp *u, char *line, char *user, char
> > *host, time_t date, int a
> >  			i -= sizeof (u->ut_id);
> >  		else
> >  			i = 0;
> > -		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> > +		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> >  	} else
> >  		memset (u->ut_id, 0, sizeof (u->ut_id));
> >  #endif
> > @@ -469,7 +477,7 @@ set_utmp (struct utmp *u, char *line, char *user, char
> > *host, time_t date, int a
> >  #endif
> >  #ifdef HAVE_STRUCT_UTMP_UT_HOST
> >  	if (addp && host)
> > -		(void) strncpy (u->ut_host, host, sizeof (u->ut_host));
> > +		safe_strncpy (u->ut_host, host, sizeof (u->ut_host));
> >  	else
> >  		memset (u->ut_host, 0, sizeof (u->ut_host));
> >  #endif
> > @@ -513,7 +521,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> > *user,
> >  		if(strcmp(line, ":0") == 0)
> >  			(void) strcpy(u->ut_line, "console");
> >  		else
> > -			(void) strncpy (u->ut_line, line, sizeof (u->ut_line));
> > +			safe_strncpy (u->ut_line, line, sizeof (u->ut_line));
> >  
> >  		strncpy(u->ut_host, line, sizeof(u->ut_host));
> >  #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
> > @@ -523,7 +531,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> > *user,
> >  	else
> >  		memset (u->ut_line, 0, sizeof (u->ut_line));
> >  	if (addp && user)
> > -		(void) strncpy (u->ut_user, user, sizeof (u->ut_user));
> > +		safe_strncpy (u->ut_user, user, sizeof (u->ut_user));
> >  	else
> >  		memset (u->ut_user, 0, sizeof (u->ut_user));
> >  
> > @@ -541,7 +549,7 @@ set_utmpx (struct utmpx *u, const char *line, const char
> > *user,
> >  			i -= sizeof (u->ut_id);
> >  		else
> >  			i = 0;
> > -		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> > +		safe_strncpy (u->ut_id, line + i, sizeof (u->ut_id));
> >  
> >  		/* make sure there is no entry using identical ut_id */
> >  		if (!UtmpxIdOpen(u->ut_id) && addp) {
> > -- 
> > 2.17.1
> > 
> > _______________________________________________
> > xorg-devel@lists.x.org: X.Org development
> > Archives: http://lists.x.org/archives/xorg-devel
> > Info: https://lists.x.org/mailman/listinfo/xorg-devel
Alan Coopersmith Sept. 12, 2018, 11:10 p.m.
On 09/12/18 12:09 AM, Walter Harms wrote:
> 
> 
>> Peter Hutterer <peter.hutterer@who-t.net> hat am 12. September 2018 um 06:50
>> geschrieben:
>>
>>
>> Fixes coverity complaints about potentially unterminated strings
>>
>> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
>> ---
>>   sessreg.c | 26 +++++++++++++++++---------
>>   1 file changed, 17 insertions(+), 9 deletions(-)
>>
>> diff --git a/sessreg.c b/sessreg.c
>> index 0a8fdb2..53b30b0 100644
>> --- a/sessreg.c
>> +++ b/sessreg.c
>> @@ -192,6 +192,14 @@ sysnerr (int x, const char *s)
>>   	return x;
>>   }
>>   
>> +static void
>> +safe_strncpy(char *dest, const char *src, size_t n)
>> +{
> 
> if you add
>       if (!src)
>            return;
> 
> you can also remove the if (x) before strncpy()

You'd only be able to remove if's from a couple calls so it doesn't seem
like it really buys you much.

I'd be tempted to handle this for non-glibc platforms with something like

#ifdef HAVE_STRLCPY
#define safe_strncpy strlcpy
#else
static void
safe_strncpy(char *dest, const char *src, size_t n)
{
...
}
#endif

which was going to be another argument against it, but I suppose that
could also just be handled via
#define safe_strncpy(d, s, n) do { \
   if (s) { strlcpy(d, s, n); } \
while(0)