- replaced a lot of strcpy() calls with strlcpy() which is more secure.

2025-03-05 00:48:10 +00:00 · 2002-12-26 17:04:54 +00:00 · 2002-12-26 17:04:54 +00:00 · 695631b298
commit 695631b298
parent 6626395c88
10 changed files with 28 additions and 27 deletions
--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@ -17,7 +17,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: client.c,v 1.70 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -86,7 +86,7 @@ Client_Init( VOID )
 	gethostname( This_Server->host, CLIENT_HOST_LEN );
 	h = gethostbyname( This_Server->host );
-	if( h ) strcpy( This_Server->host, h->h_name );
+	if( h ) strlcpy( This_Server->host, h->h_name, sizeof( This_Server->host ));
 	Client_SetID( This_Server, Conf_ServerName );
 	Client_SetInfo( This_Server, Conf_ServerInfo );
@ -175,7 +175,7 @@ Client_New( CONN_ID Idx, CLIENT *Introducer, CLIENT *TopServer, INT Type, CHAR *
 	if( Type == CLIENT_SERVER ) Generate_MyToken( client );
 	/* ist der User away? */
-	if( strchr( client->modes, 'a' )) strcpy( client->away, DEFAULT_AWAY_MSG );
+	if( strchr( client->modes, 'a' )) strlcpy( client->away, DEFAULT_AWAY_MSG, sizeof( client->away ));
 	/* Verketten */
 	client->next = (POINTER *)My_Clients;
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: conf.c,v 1.51 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -235,7 +235,7 @@ Read_Config( VOID )
 		/* Is this the beginning of a new section? */
 		if(( str[0] == '[' ) && ( str[strlen( str ) - 1] == ']' ))
 		{
-			strcpy( section, str );
+			strlcpy( section, str, sizeof( section ));
 			if( strcasecmp( section, "[GLOBAL]" ) == 0 ) continue;
 			if( strcasecmp( section, "[OPERATOR]" ) == 0 )
 			{
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: conn.c,v 1.109 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -1251,7 +1251,7 @@ New_Connection( INT Sock )
 	Log( LOG_INFO, "Accepted connection %d from %s:%d on socket %d.", idx, inet_ntoa( new_addr.sin_addr ), ntohs( new_addr.sin_port), Sock );
 	/* Hostnamen ermitteln */
-	strcpy( My_Connections[idx].host, inet_ntoa( new_addr.sin_addr ));
+	strlcpy( My_Connections[idx].host, inet_ntoa( new_addr.sin_addr ), sizeof( My_Connections[idx].host ));
 	Client_SetHostname( c, My_Connections[idx].host );
 	s = Resolve_Addr( &new_addr );
 	if( s )
@ -1588,8 +1588,8 @@ Check_Servers( VOID )
 		/* Hostnamen in IP aufloesen (Default bzw. im Fehlerfall: versuchen, den
 		 * konfigurierten Text direkt als IP-Adresse zu verwenden ... */
-		strcpy( Conf_Server[My_Connections[idx].our_server].ip, Conf_Server[i].host );
+		strlcpy( Conf_Server[My_Connections[idx].our_server].ip, Conf_Server[i].host, sizeof( Conf_Server[My_Connections[idx].our_server].ip ));
-		strcpy( My_Connections[idx].host, Conf_Server[i].host );
+		strlcpy( My_Connections[idx].host, Conf_Server[i].host, sizeof( My_Connections[idx].host ));
 		s = Resolve_Name( Conf_Server[i].host );
 		if( s )
 		{
@ -1677,7 +1677,7 @@ New_Server( INT Server, CONN_ID Idx )
 	/* Verbindung registrieren */
 	My_Connections[Idx].sock = new_sock;
 	My_Connections[Idx].addr = new_addr;
-	strcpy( My_Connections[Idx].host, Conf_Server[Server].host );
+	strlcpy( My_Connections[Idx].host, Conf_Server[Server].host, sizeof( My_Connections[Idx].host ));
 	/* Neuen Socket registrieren */
 	FD_SET( new_sock, &My_Sockets );
@ -1799,14 +1799,14 @@ Read_Resolver_Result( INT r_fd )
 		/* Eingehende Verbindung: Hostnamen setzen */
 		c = Client_GetFromConn( i );
 		assert( c != NULL );
-		strcpy( My_Connections[i].host, result );
+		strlcpy( My_Connections[i].host, result, sizeof( My_Connections[i].host ));
 		Client_SetHostname( c, result );
 	}
 	else
 	{
 		/* Ausgehende Verbindung (=Server): IP setzen */
 		assert( My_Connections[i].our_server > NONE );
-		strcpy( Conf_Server[My_Connections[i].our_server].ip, result );
+		strlcpy( Conf_Server[My_Connections[i].our_server].ip, result, sizeof( Conf_Server[My_Connections[i].our_server].ip ));
 	}
 	/* Penalty-Zeit zurueck setzen */
--- a/src/ngircd/irc-channel.c
+++ b/src/ngircd/irc-channel.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: irc-channel.c,v 1.21 2002/12/16 23:06:46 alex Exp $";
+static char UNUSED id[] = "$Id: irc-channel.c,v 1.22 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -179,7 +179,7 @@ IRC_JOIN( CLIENT *Client, REQUEST *Req )
 		if(( strchr( Channel_Modes( chan ), 'P' )) && ( strchr( Client_Modes( target ), 'o' ))) Channel_UserModeAdd( chan, target, 'o' );
 		/* Muessen Modes an andere Server gemeldet werden? */
-		strcpy( &modes[1], Channel_UserModes( chan, target ));
+		strlcpy( &modes[1], Channel_UserModes( chan, target ), sizeof( modes ) - 1 );
 		if( modes[1] ) modes[0] = 0x7;
 		else modes[0] = '\0';
--- a/src/ngircd/irc-mode.c
+++ b/src/ngircd/irc-mode.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: irc-mode.c,v 1.26 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -392,7 +392,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 					{
 						Channel_ModeDel( Channel, 'k' );
 						Channel_SetKey( Channel, Req->argv[arg_arg] );
-						strcpy( argadd, Channel_Key( Channel ));
+						strlcpy( argadd, Channel_Key( Channel ), sizeof( argadd ));
 						x[0] = *mode_ptr;
 					}
 					else ok = IRC_WriteStrClient( Origin, ERR_CHANOPRIVSNEEDED_MSG, Client_ID( Origin ), Channel_Name( Channel ));
--- a/src/ngircd/irc-server.c
+++ b/src/ngircd/irc-server.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: irc-server.c,v 1.27 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -314,7 +314,7 @@ IRC_NJOIN( CLIENT *Client, REQUEST *Req )
 			IRC_WriteStrChannelPrefix( Client, chan, c, FALSE, "JOIN :%s", channame );
 			/* Channel-User-Modes setzen */
-			strcpy( modes, Channel_UserModes( chan, c ));
+			strlcpy( modes, Channel_UserModes( chan, c ), sizeof( modes ));
 			if( modes[0] )
 			{
 				/* Modes im Channel bekannt machen */
--- a/src/ngircd/irc.c
+++ b/src/ngircd/irc.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: irc.c,v 1.107 2002/12/12 12:24:18 alex Exp $";
+static char UNUSED id[] = "$Id: irc.c,v 1.108 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -74,7 +74,7 @@ IRC_KILL( CLIENT *Client, REQUEST *Req )
 	/* build reason string */
 	if( Client_Type( Client ) == CLIENT_USER ) sprintf( reason, "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] );
-	else strcpy( reason, Req->argv[1] );
+	else strlcpy( reason, Req->argv[1], sizeof( reason ));
 	/* andere Server benachrichtigen */
 	IRC_WriteStrServersPrefix( Client, prefix, "KILL %s :%s", Req->argv[0], reason );
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: ngircd.c,v 1.69 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -399,6 +399,7 @@ NGIRCd_Rehash( VOID )
 	Conn_ExitListeners( );
 	/* Alten Server-Namen merken */
 	assert( sizeof( old_name ) == sizeof( Conf_ServerName ));
 	strcpy( old_name, Conf_ServerName );
 	/* Konfiguration neu lesen ... */
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: parse.c,v 1.54 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -360,7 +360,7 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 		}
 		/* Statuscode weiterleiten */
-		strcpy( str, Req->command );
+		strlcpy( str, Req->command, sizeof( str ));
 		for( i = 0; i < Req->argc; i++ )
 		{
 			if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str ));
--- a/src/ngircd/resolve.c
+++ b/src/ngircd/resolve.c
@ -14,7 +14,7 @@
 #include "portab.h"
-static char UNUSED id[] = "$Id: resolve.c,v 1.4 2002/12/12 12:24:18 alex Exp $";
+static char UNUSED id[] = "$Id: resolve.c,v 1.5 2002/12/26 17:04:54 alex Exp $";
 #include "imp.h"
 #include <assert.h>
@ -174,7 +174,7 @@ Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd )
 	/* Namen aufloesen */
 	h = gethostbyaddr( (CHAR *)&Addr->sin_addr, sizeof( Addr->sin_addr ), AF_INET );
-	if( h ) strcpy( hostname, h->h_name );
+	if( h ) strlcpy( hostname, h->h_name, sizeof( hostname ));
 	else
 	{
 #ifdef h_errno
@ -182,7 +182,7 @@ Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd )
 #else
 		Log_Resolver( LOG_WARNING, "Can't resolve address \"%s\"!", inet_ntoa( Addr->sin_addr ));
 #endif	
-		strcpy( hostname, inet_ntoa( Addr->sin_addr ));
+		strlcpy( hostname, inet_ntoa( Addr->sin_addr ), sizeof( hostname ));
 	}
 	/* Antwort an Parent schreiben */
@ -213,7 +213,7 @@ Do_ResolveName( CHAR *Host, INT w_fd )
 	if( h )
 	{
 		addr = (struct in_addr *)h->h_addr;
-		strcpy( ip, inet_ntoa( *addr ));
+		strlcpy( ip, inet_ntoa( *addr ), sizeof( ip ));
 	}
 	else
 	{