From 6c5a4c48590d6314f5ac7f0e562cea583d5e70af Mon Sep 17 00:00:00 2001 From: Carles Fernandez Date: Tue, 13 Aug 2019 13:10:45 +0200 Subject: [PATCH] Remove usage of strcpy See CWE-119 https://cwe.mitre.org/data/definitions/119.html --- src/algorithms/libs/rtklib/rtklib_pntpos.cc | 4 +- src/algorithms/libs/rtklib/rtklib_rtkcmn.cc | 47 ++++++++-------- src/algorithms/libs/rtklib/rtklib_rtkpos.cc | 2 +- src/algorithms/libs/rtklib/rtklib_rtksvr.cc | 8 +-- src/algorithms/libs/rtklib/rtklib_solution.cc | 6 +-- src/algorithms/libs/rtklib/rtklib_stream.cc | 54 +++++++++---------- 6 files changed, 61 insertions(+), 60 deletions(-) diff --git a/src/algorithms/libs/rtklib/rtklib_pntpos.cc b/src/algorithms/libs/rtklib/rtklib_pntpos.cc index 8fa031fa8..170763eb4 100644 --- a/src/algorithms/libs/rtklib/rtklib_pntpos.cc +++ b/src/algorithms/libs/rtklib/rtklib_pntpos.cc @@ -832,7 +832,7 @@ int raim_fde(const obsd_t *obs, int n, const double *rs, sat = obs[i].sat; rms = rms_e; vsat[i] = 0; - strcpy(msg, msg_e); + std::strncpy(msg, msg_e, 128); } if (stat) { @@ -1013,7 +1013,7 @@ int pntpos(const obsd_t *obs, int n, const nav_t *nav, if (n <= 0) { - strcpy(msg, "no observation data"); + std::strncpy(msg, "no observation data", 20); return 0; } diff --git a/src/algorithms/libs/rtklib/rtklib_rtkcmn.cc b/src/algorithms/libs/rtklib/rtklib_rtkcmn.cc index 4f01acf57..7ae3d67c2 100644 --- a/src/algorithms/libs/rtklib/rtklib_rtkcmn.cc +++ b/src/algorithms/libs/rtklib/rtklib_rtkcmn.cc @@ -52,6 +52,7 @@ #include "rtklib_rtkcmn.h" #include +#include #include #include #include @@ -502,7 +503,7 @@ void satno2id(int sat, char *id) sprintf(id, "%03d", prn); return; } - strcpy(id, ""); + std::strncpy(id, "", 1); } @@ -672,31 +673,31 @@ void setcodepri(int sys, int freq, const char *pri) { if (sys & SYS_GPS) { - strcpy(codepris[0][freq - 1], pri); + std::strncpy(codepris[0][freq - 1], pri, 16); } if (sys & SYS_GLO) { - strcpy(codepris[1][freq - 1], pri); + std::strncpy(codepris[1][freq - 1], pri, 16); } if (sys & SYS_GAL) { - strcpy(codepris[2][freq - 1], pri); + std::strncpy(codepris[2][freq - 1], pri, 16); } if (sys & SYS_QZS) { - strcpy(codepris[3][freq - 1], pri); + std::strncpy(codepris[3][freq - 1], pri, 16); } if (sys & SYS_SBS) { - strcpy(codepris[4][freq - 1], pri); + std::strncpy(codepris[4][freq - 1], pri, 16); } if (sys & SYS_BDS) { - strcpy(codepris[5][freq - 1], pri); + std::strncpy(codepris[5][freq - 1], pri, 16); } if (sys & SYS_IRN) { - strcpy(codepris[6][freq - 1], pri); + std::strncpy(codepris[6][freq - 1], pri, 16); } } else @@ -2973,7 +2974,7 @@ pcv_t *searchpcv(int sat, const char *type, gtime_t time, { if (strlen(type) < MAXANT + 1) { - strcpy(buff, type); + std::strncpy(buff, type, MAXANT); } else { @@ -3864,7 +3865,7 @@ void traceopen(const char *file) } if (strlen(file) < 1025) { - strcpy(file_trace, file); + std::strncpy(file_trace, file, 1024); } else { @@ -4091,7 +4092,7 @@ void createdir(const char *path) if (strlen(path) < 1025) { - strcpy(buff, path); + std::strncpy(buff, path, 1024); } else { @@ -4136,13 +4137,13 @@ int repstr(char *str, const char *pat, const char *rep) if (strlen(p) < 1025) { - strcpy(r, p); + std::strncpy(r, p, 1024); } else { trace(1, "pat array is too long"); } - strcpy(str, buff); + std::strncpy(str, buff, 1024); return 1; } @@ -4186,7 +4187,7 @@ int reppath(const char *path, char *rpath, gtime_t time, const char *rov, int stat = 0; char rep[64]; - strcpy(rpath, path); + std::strncpy(rpath, path, 1024); if (!strstr(rpath, "%")) { @@ -5074,7 +5075,7 @@ int rtk_uncompress(const char *file, char *uncfile) if (strlen(file) < 1025) { - strcpy(tmpfile, file); + std::strncpy(tmpfile, file, 1024); } else { @@ -5090,7 +5091,7 @@ int rtk_uncompress(const char *file, char *uncfile) !strcmp(p, ".gz") || !strcmp(p, ".GZ") || !strcmp(p, ".zip") || !strcmp(p, ".ZIP")) { - strcpy(uncfile, tmpfile); + std::strncpy(uncfile, tmpfile, 1024); uncfile[p - tmpfile] = '\0'; sprintf(cmd, R"(gzip -f -d -c "%s" > "%s")", tmpfile, uncfile); @@ -5104,16 +5105,16 @@ int rtk_uncompress(const char *file, char *uncfile) } if (strlen(uncfile) < 1025) { - strcpy(tmpfile, uncfile); + std::strncpy(tmpfile, uncfile, 1024); } stat = 1; } /* extract tar file */ if ((p = strrchr(tmpfile, '.')) && !strcmp(p, ".tar")) { - strcpy(uncfile, tmpfile); + std::strncpy(uncfile, tmpfile, 1024); uncfile[p - tmpfile] = '\0'; - strcpy(buff, tmpfile); + std::strncpy(buff, tmpfile, 1024); fname = buff; if ((p = strrchr(buff, '/'))) { @@ -5160,7 +5161,7 @@ int rtk_uncompress(const char *file, char *uncfile) /* extract hatanaka-compressed file by cnx2rnx */ else if ((p = strrchr(tmpfile, '.')) && strlen(p) > 3 && (*(p + 3) == 'd' || *(p + 3) == 'D')) { - strcpy(uncfile, tmpfile); + std::strncpy(uncfile, tmpfile, 1024); uncfile[p - tmpfile + 3] = *(p + 3) == 'D' ? 'O' : 'o'; sprintf(cmd, R"(crx2rnx < "%s" > "%s")", tmpfile, uncfile); @@ -5270,14 +5271,14 @@ int expath(const char *path, char *paths[], int nmax) { if (strlen(paths[i]) < 1025) { - strcpy(tmp, paths[i]); + std::strncpy(tmp, paths[i], 1024); } else { trace(1, "Path is too long"); } - strcpy(paths[i], paths[j]); - strcpy(paths[j], tmp); + std::strncpy(paths[i], paths[j], 1024); + std::strncpy(paths[j], tmp, 1024); } } } diff --git a/src/algorithms/libs/rtklib/rtklib_rtkpos.cc b/src/algorithms/libs/rtklib/rtklib_rtkpos.cc index dab351493..b860109bb 100644 --- a/src/algorithms/libs/rtklib/rtklib_rtkpos.cc +++ b/src/algorithms/libs/rtklib/rtklib_rtkpos.cc @@ -163,7 +163,7 @@ int rtkopenstat(const char *file, int level) } if (strlen(file) < 1025) { - strcpy(file_stat, file); + std::strncpy(file_stat, file, 1024); } else { diff --git a/src/algorithms/libs/rtklib/rtklib_rtksvr.cc b/src/algorithms/libs/rtklib/rtklib_rtksvr.cc index 1ca2c6408..6ef6354ed 100644 --- a/src/algorithms/libs/rtklib/rtklib_rtksvr.cc +++ b/src/algorithms/libs/rtklib/rtklib_rtksvr.cc @@ -538,7 +538,7 @@ void decodefile(rtksvr_t *svr, int index) svr->nav.ne = svr->nav.nemax = nav.ne; svr->nav.peph = nav.peph; svr->ftime[index] = utc2gpst(timeget()); - strcpy(svr->files[index], file); + std::strncpy(svr->files[index], file, MAXSTRPATH); rtksvrunlock(svr); } @@ -561,7 +561,7 @@ void decodefile(rtksvr_t *svr, int index) svr->nav.nc = svr->nav.ncmax = nav.nc; svr->nav.pclk = nav.pclk; svr->ftime[index] = utc2gpst(timeget()); - strcpy(svr->files[index], file); + std::strncpy(svr->files[index], file, MAXSTRPATH); rtksvrunlock(svr); } @@ -991,11 +991,11 @@ int rtksvrstart(rtksvr_t *svr, int cycle, int buffsize, int *strs, /* set receiver and rtcm option */ if (strlen(rcvopts[i]) < 256) { - strcpy(svr->raw[i].opt, rcvopts[i]); + std::strncpy(svr->raw[i].opt, rcvopts[i], 256); } if (strlen(rcvopts[i]) < 256) { - strcpy(svr->rtcm[i].opt, rcvopts[i]); + std::strncpy(svr->rtcm[i].opt, rcvopts[i], 256); } /* connect dgps corrections */ diff --git a/src/algorithms/libs/rtklib/rtklib_solution.cc b/src/algorithms/libs/rtklib/rtklib_solution.cc index b7dbb7e7e..f27f1d6d1 100644 --- a/src/algorithms/libs/rtklib/rtklib_solution.cc +++ b/src/algorithms/libs/rtklib/rtklib_solution.cc @@ -414,11 +414,11 @@ char *decode_soltime(char *buff, const solopt_t *opt, gtime_t *time) if (!strcmp(opt->sep, "\\t")) { - strcpy(s, "\t"); + std::strncpy(s, "\t", 2); } else if (*opt->sep) { - strcpy(s, opt->sep); + std::strncpy(s, opt->sep, 64); } len = static_cast(strlen(s)); @@ -904,7 +904,7 @@ void decode_solopt(char *buff, solopt_t *opt) opt->times = TIMES_GPST; opt->posf = SOLF_GSIF; opt->degf = 0; - strcpy(opt->sep, " "); + std::strncpy(opt->sep, " ", 2); } } diff --git a/src/algorithms/libs/rtklib/rtklib_stream.cc b/src/algorithms/libs/rtklib/rtklib_stream.cc index 63f9430f5..8ab4b87a5 100644 --- a/src/algorithms/libs/rtklib/rtklib_stream.cc +++ b/src/algorithms/libs/rtklib/rtklib_stream.cc @@ -117,7 +117,7 @@ serial_t *openserial(const char *path, int mode, char *msg) } else if (strlen(path) < 128) { - strcpy(port, path); + std::strncpy(port, path, 128); } for (i = 0; i < 10; i++) @@ -422,7 +422,7 @@ file_t *openfile(const char *path, int mode, char *msg) file->fp = file->fp_tag = file->fp_tmp = file->fp_tag_tmp = nullptr; if (strlen(path) < MAXSTRPATH) { - strcpy(file->path, path); + std::strncpy(file->path, path, MAXSTRPATH); } if ((p = strstr(file->path, "::"))) { @@ -743,7 +743,7 @@ void decodetcppath(const char *path, char *addr, char *port, char *user, if (strlen(path) < MAXSTRPATH) { - strcpy(buff, path); + std::strncpy(buff, path, MAXSTRPATH); } if (!(p = strrchr(buff, '@'))) @@ -758,13 +758,13 @@ void decodetcppath(const char *path, char *addr, char *port, char *user, *q = '\0'; if (str) { - strcpy(str, q + 1); + std::strncpy(str, q + 1, NTRIP_MAXSTR); } } *p = '\0'; if (mntpnt) { - strcpy(mntpnt, p + 1); + std::strncpy(mntpnt, p + 1, 256); } } if ((p = strrchr(buff, '@'))) @@ -775,12 +775,12 @@ void decodetcppath(const char *path, char *addr, char *port, char *user, *q = '\0'; if (passwd) { - strcpy(passwd, q + 1); + std::strncpy(passwd, q + 1, 256); } } if (user) { - strcpy(user, buff); + std::strncpy(user, buff, 256); } } else @@ -793,12 +793,12 @@ void decodetcppath(const char *path, char *addr, char *port, char *user, *q = '\0'; if (port) { - strcpy(port, q + 1); + std::strncpy(port, q + 1, 256); } } if (addr) { - strcpy(addr, p); + std::strncpy(addr, p, 1024); } } @@ -1080,7 +1080,7 @@ void updatetcpsvr(tcpsvr_t *tcpsvr, char *msg) { continue; } - strcpy(saddr, tcpsvr->cli[i].saddr); + std::strncpy(saddr, tcpsvr->cli[i].saddr, 256); n++; } if (n == 0) @@ -1148,7 +1148,7 @@ int accsock(tcpsvr_t *tcpsvr, char *msg) memcpy(&tcpsvr->cli[i].addr, &addr, sizeof(addr)); if (strlen(inet_ntoa(addr.sin_addr)) < 256) { - strcpy(tcpsvr->cli[i].saddr, inet_ntoa(addr.sin_addr)); + std::strncpy(tcpsvr->cli[i].saddr, inet_ntoa(addr.sin_addr), 256); } sprintf(msg, "%s", tcpsvr->cli[i].saddr); tracet(2, "accsock: connected sock=%d addr=%s\n", tcpsvr->cli[i].sock, tcpsvr->cli[i].saddr); @@ -1641,7 +1641,7 @@ int rspntrip_c(ntrip_t *ntrip, char *msg) { ntrip->buff[128] = '\0'; } - strcpy(msg, p); + std::strncpy(msg, p, MAXSTRMSG); tracet(1, "rspntrip_s: %s nb=%d\n", msg, ntrip->nb); ntrip->nb = 0; ntrip->buff[0] = '\0'; @@ -1756,7 +1756,7 @@ ntrip_t *openntrip(const char *path, int type, char *msg) ntrip->url[k] = s_aux[k]; } } - strcpy(tpath, proxyaddr); + std::strncpy(tpath, proxyaddr, MAXSTRPATH); } /* open tcp client stream */ if (!(ntrip->tcp = opentcpcli(tpath, msg))) @@ -1847,7 +1847,7 @@ void decodeftppath(const char *path, char *addr, char *file, char *user, } if (strlen(path) < MAXSTRPATH) { - strcpy(buff, path); + std::strncpy(buff, path, MAXSTRPATH); } if ((p = strchr(buff, '/'))) @@ -1860,7 +1860,7 @@ void decodeftppath(const char *path, char *addr, char *file, char *user, sscanf(q + 2, "T=%d, %d, %d, %d", topts, topts + 1, topts + 2, topts + 3); } } - strcpy(file, p + 1); + std::strncpy(file, p + 1, 1024); *p = '\0'; } else @@ -1876,12 +1876,12 @@ void decodeftppath(const char *path, char *addr, char *file, char *user, *q = '\0'; if (passwd) { - strcpy(passwd, q + 1); + std::strncpy(passwd, q + 1, 256); } } if (user) { - strcpy(user, buff); + std::strncpy(user, buff, 256); } } else @@ -1889,7 +1889,7 @@ void decodeftppath(const char *path, char *addr, char *file, char *user, p = buff; } - strcpy(addr, p); + std::strncpy(addr, p, 1024); } @@ -1985,7 +1985,7 @@ void *ftpthread(void *arg) } /* if local file exist, skip download */ - strcpy(tmpfile, local); + std::strncpy(tmpfile, local, 1024); if ((p = strrchr(tmpfile, '.')) && (!strcmp(p, ".z") || !strcmp(p, ".gz") || !strcmp(p, ".zip") || !strcmp(p, ".Z") || !strcmp(p, ".GZ") || !strcmp(p, ".ZIP"))) @@ -1995,7 +1995,7 @@ void *ftpthread(void *arg) if ((fp = fopen(tmpfile, "rbe"))) { fclose(fp); - strcpy(ftp->local, tmpfile); + std::strncpy(ftp->local, tmpfile, 1024); tracet(3, "ftpthread: file exists %s\n", ftp->local); ftp->state = 2; return nullptr; @@ -2084,7 +2084,7 @@ void *ftpthread(void *arg) } if (strlen(tmpfile) < 1024) { - strcpy(local, tmpfile); + std::strncpy(local, tmpfile, 1024); } } else @@ -2097,7 +2097,7 @@ void *ftpthread(void *arg) } if (strlen(local) < 1024) { - strcpy(ftp->local, local); + std::strncpy(ftp->local, local, 1024); } ftp->state = 2; /* ftp completed */ @@ -2172,7 +2172,7 @@ int readftp(ftp_t *ftp, unsigned char *buff, int n, char *msg) { tracet(1, "readftp: ftp thread create error\n"); ftp->state = 3; - strcpy(msg, "ftp thread error"); + std::strncpy(msg, "ftp thread error", 17); return 0; } } @@ -2203,7 +2203,7 @@ int readftp(ftp_t *ftp, unsigned char *buff, int n, char *msg) ftp->tnext = nextdltime(ftp->topts, 1); ftp->state = 0; - strcpy(msg, ""); + std::strncpy(msg, "", 1); return static_cast(p - buff); } @@ -2291,7 +2291,7 @@ int stropen(stream_t *stream, int type, int mode, const char *path) stream->mode = mode; if (strlen(path) < MAXSTRPATH) { - strcpy(stream->path, path); + std::strncpy(stream->path, path, MAXSTRPATH); } stream->inb = stream->inr = stream->outb = stream->outr = 0; stream->tick = tickget(); @@ -2720,7 +2720,7 @@ void strsetdir(const char *dir) tracet(3, "strsetdir: dir=%s\n", dir); if (strlen(dir) < 1024) { - strcpy(localdir, dir); + std::strncpy(localdir, dir, 1024); } } @@ -2735,7 +2735,7 @@ void strsetproxy(const char *addr) tracet(3, "strsetproxy: addr=%s\n", addr); if (strlen(addr) < 256) { - strcpy(proxyaddr, addr); + std::strncpy(proxyaddr, addr, 256); } }