folkert/simh-testsetgenerator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SCP: Avoid potential buffer overruns by using strlcpy() and strlcat()

Browse source
This commit is contained in:
Mark Pizzolato 2019-03-08 12:31:01 -08:00
parent 72451ba202
commit c7b0928b33
5 changed files with 35 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
scp.c
View file

@ -2587,7 +2587,7 @@ setenv ("SIM_REGEX_TYPE", "REGEX", 1); /* Publish regex type */
if (*argv[0]) { /* sim name arg? */
char *np; /* "path.ini" */
strncpy (nbuf, argv[0], PATH_MAX + 1); /* copy sim name */
strlcpy (nbuf, argv[0], PATH_MAX + 2); /* copy sim name */
if ((np = (char *)match_ext (nbuf, "EXE"))) /* remove .exe */
*np = 0;
np = strrchr (nbuf, '/'); /* stript path and try again in cwd */
@ -2618,7 +2618,7 @@ if (*cbuf) /* cmd file arg? */
else if (*argv[0]) { /* sim name arg? */
char *np; /* "path.ini" */
nbuf[0] = '"'; /* starting " */
strncpy (nbuf + 1, argv[0], PATH_MAX + 1); /* copy sim name */
strlcpy (nbuf + 1, argv[0], PATH_MAX + 2); /* copy sim name */
if ((np = (char *)match_ext (nbuf, "EXE"))) /* remove .exe */
*np = 0;
strlcat (nbuf, ".ini\"", sizeof (nbuf)); /* add .ini" */

16
sim_disk.c
View file

@ -1489,8 +1489,7 @@ if (sim_switches & SWMASK ('C')) { /* create vhd disk & cop
if (r == SCPE_OK) {
created = TRUE;
copied = TRUE;
tbuf[sizeof(tbuf)-1] = '\0';
strncpy (tbuf, gbuf, sizeof(tbuf)-1);
strlcpy (tbuf, gbuf, sizeof(tbuf)-1);
cptr = tbuf;
sim_disk_set_fmt (uptr, 0, "VHD", NULL);
sim_switches = saved_sim_switches;
@ -1564,7 +1563,7 @@ uptr->filename = (char *) calloc (CBUFSIZE, sizeof (char));/* alloc name buf */
uptr->disk_ctx = ctx = (struct disk_context *)calloc(1, sizeof(struct disk_context));
if ((uptr->filename == NULL) || (uptr->disk_ctx == NULL))
return _err_return (uptr, SCPE_MEM);
strncpy (uptr->filename, cptr, CBUFSIZE); /* save name */
strlcpy (uptr->filename, cptr, CBUFSIZE); /* save name */
ctx->sector_size = (uint32)sector_size; /* save sector_size */
ctx->capac_factor = ((dptr->dwidth / dptr->aincr) == 16) ? 2 : 1; /* save capacity units (word: 2, byte: 1) */
ctx->xfer_element_size = (uint32)xfer_element_size; /* save xfer_element_size */
@ -3489,8 +3488,10 @@ if ((sDynamic) &&
if ((0 == memcmp (sDynamic->ParentUniqueID, sParentFooter.UniqueID, sizeof (sParentFooter.UniqueID))) &&
((sDynamic->ParentTimeStamp == ParentModificationTime) ||
((NtoHl(sDynamic->ParentTimeStamp)-NtoHl(ParentModificationTime)) == 3600) ||
(sim_switches & SWMASK ('O'))))
strncpy (szParentVHDPath, CheckPath, ParentVHDPathSize);
(sim_switches & SWMASK ('O')))) {
memset (szParentVHDPath, 0, ParentVHDPathSize);
strlcpy (szParentVHDPath, CheckPath, ParentVHDPathSize);
}
else {
if (0 != memcmp (sDynamic->ParentUniqueID, sParentFooter.UniqueID, sizeof (sParentFooter.UniqueID)))
sim_printf ("Error Invalid Parent VHD '%s' for Differencing VHD: %s\n", CheckPath, szVHDPath);
@ -4092,7 +4093,7 @@ char *wd = getcwd(buffer, PATH_MAX);
if ((szFileSpec[0] != '/') || (strchr (szFileSpec, ':')))
snprintf (szFullFileSpecBuffer, BufferSize, "%s/%s", wd, szFileSpec);
else
strncpy (szFullFileSpecBuffer, szFileSpec, BufferSize);
strlcpy (szFullFileSpecBuffer, szFileSpec, BufferSize);
if ((c = strstr (szFullFileSpecBuffer, "]/")))
memmove (c+1, c+2, strlen(c+2)+1);
memset (szFullFileSpecBuffer + strlen (szFullFileSpecBuffer), 0, BufferSize - strlen (szFullFileSpecBuffer));
@ -4106,7 +4107,8 @@ HostPathToVhdPath (const char *szHostPath,
{
char *c, *d;
strncpy (szVhdPath, szHostPath, VhdPathSize-1);
memset (szVhdPath, 0, VhdPathSize);
strlcpy (szVhdPath, szHostPath, VhdPathSize-1);
if ((szVhdPath[1] == ':') && islower(szVhdPath[0]))
szVhdPath[0] = toupper(szVhdPath[0]);
szVhdPath[VhdPathSize-1] = '\0';

38
sim_ether.c
View file

@ -416,14 +416,14 @@ t_stat eth_mac_scan_ex (ETH_MAC* mac, const char* strmac, UNIT *uptr)
memset (&state, 0, sizeof(state));
_eth_get_system_id (state.system_id, sizeof(state.system_id));
strncpy (state.sim, sim_name, sizeof(state.sim));
strlcpy (state.sim, sim_name, sizeof(state.sim));
getcwd (state.cwd, sizeof(state.cwd));
if (uptr)
strncpy (state.uname, sim_uname (uptr), sizeof(state.uname)-1);
strlcpy (state.uname, sim_uname (uptr), sizeof(state.uname));
cptr = strchr (strmac, '>');
if (cptr) {
state.file[sizeof(state.file)-1] = '\0';
strncpy (state.file, cptr + 1, sizeof(state.file)-1);
strlcpy (state.file, cptr + 1, sizeof(state.file));
if ((f = fopen (state.file, "r"))) {
filebuf[sizeof(filebuf)-1] = '\0';
fgets (filebuf, sizeof(filebuf)-1, f);
@ -2014,7 +2014,7 @@ if (0 == strncmp("tap:", savname, 4)) {
/* Send interface requests to TUN/TAP driver. */
if (ioctl(tun, TUNSETIFF, &ifr) >= 0) {
if (ioctl(tun, FIONBIO, &on)) {
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
close(tun);
}
else {
@ -2023,10 +2023,10 @@ if (0 == strncmp("tap:", savname, 4)) {
}
}
else
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
}
else
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
#elif defined(HAVE_BSDTUNTAP) && defined(HAVE_TAP_NETWORK)
if (1) {
char dev_name[64] = "";
@ -2036,7 +2036,7 @@ if (0 == strncmp("tap:", savname, 4)) {
if ((tun = open(dev_name, O_RDWR)) >= 0) {
if (ioctl(tun, FIONBIO, &on)) {
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
close(tun);
}
else {
@ -2050,12 +2050,12 @@ if (0 == strncmp("tap:", savname, 4)) {
memset (&ifr, 0, sizeof(ifr));
ifr.ifr_addr.sa_family = AF_INET;
strncpy(ifr.ifr_name, savname, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_name, savname, sizeof(ifr.ifr_name));
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) >= 0) {
ifr.ifr_flags |= IFF_UP;
if (ioctl(s, SIOCSIFFLAGS, (caddr_t)&ifr)) {
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
close(tun);
}
}
@ -2065,10 +2065,10 @@ if (0 == strncmp("tap:", savname, 4)) {
#endif
}
else
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
}
#else
strncpy(errbuf, "No support for tap: devices", PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, "No support for tap: devices", PCAP_ERRBUF_SIZE);
#endif /* !defined(__linux) && !defined(HAVE_BSDTUNTAP) */
if (0 == errbuf[0]) {
*eth_api = ETH_API_TAP;
@ -2101,13 +2101,13 @@ else { /* !tap: */
}
if (!(*handle = (void*) vde_open((char *)vdeswitch_s, (char *)"simh", &voa)))
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
else {
*eth_api = ETH_API_VDE;
*fd_handle = vde_datafd((VDECONN*)(*handle));
}
#else
strncpy(errbuf, "No support for vde: network devices", PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, "No support for vde: network devices", PCAP_ERRBUF_SIZE);
#endif /* defined(HAVE_VDE_NETWORK) */
}
else { /* !vde: */
@ -2118,13 +2118,13 @@ else { /* !tap: */
while (isspace(*devname))
++devname;
if (!(*handle = (void*) sim_slirp_open(devname, opaque, &_slirp_callback, dptr, dbit)))
strncpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, strerror(errno), PCAP_ERRBUF_SIZE);
else {
*eth_api = ETH_API_NAT;
*fd_handle = 0;
}
#else
strncpy(errbuf, "No support for nat: network devices", PCAP_ERRBUF_SIZE-1);
strlcpy(errbuf, "No support for nat: network devices", PCAP_ERRBUF_SIZE);
#endif /* defined(HAVE_SLIRP_NETWORK) */
}
else { /* not nat: */
@ -2204,7 +2204,7 @@ else { /* !tap: */
#endif /* defined (__APPLE__) */
#endif /* !defined (USE_READER_THREAD) */
#else
strncpy (errbuf, "Unknown or unsupported network device", PCAP_ERRBUF_SIZE-1);
strlcpy (errbuf, "Unknown or unsupported network device", PCAP_ERRBUF_SIZE);
#endif /* defined(HAVE_PCAP_NETWORK) */
} /* not udp:, so attempt to open the parameter as if it were an explicit device name */
} /* !nat: */
@ -4033,11 +4033,11 @@ else {
/* copy device list into the passed structure */
for (i=0, dev=alldevs; dev && (i < max); dev=dev->next, ++i) {
if ((dev->flags & PCAP_IF_LOOPBACK) || (!strcmp("any", dev->name))) continue;
strncpy(list[i].name, dev->name, sizeof(list[i].name)-1);
strlcpy(list[i].name, dev->name, sizeof(list[i].name));
if (dev->description)
strncpy(list[i].desc, dev->description, sizeof(list[i].desc)-1);
strlcpy(list[i].desc, dev->description, sizeof(list[i].desc));
else
strncpy(list[i].desc, "No description available", sizeof(list[i].desc)-1);
strlcpy(list[i].desc, "No description available", sizeof(list[i].desc));
}
/* free device list */

4
sim_serial.c
View file

@ -187,9 +187,9 @@ serial_open_devices = (struct open_serial_device *)realloc(serial_open_devices,
memset(&serial_open_devices[serial_open_device_count-1], 0, sizeof(serial_open_devices[serial_open_device_count-1]));
serial_open_devices[serial_open_device_count-1].port = port;
serial_open_devices[serial_open_device_count-1].line = line;
strncpy(serial_open_devices[serial_open_device_count-1].name, name, sizeof(serial_open_devices[serial_open_device_count-1].name)-1);
strlcpy(serial_open_devices[serial_open_device_count-1].name, name, sizeof(serial_open_devices[serial_open_device_count-1].name));
if (config)
strncpy(serial_open_devices[serial_open_device_count-1].config, config, sizeof(serial_open_devices[serial_open_device_count-1].config)-1);
strlcpy(serial_open_devices[serial_open_device_count-1].config, config, sizeof(serial_open_devices[serial_open_device_count-1].config));
return &serial_open_devices[serial_open_device_count-1];
}

6
sim_video.c
View file

@ -1656,9 +1656,9 @@ if (vid_flags & SIM_VID_INPUTCAPTURED) {
char title[150];
memset (title, 0, sizeof(title));
strncpy (title, vid_title, sizeof(title)-1);
strncat (title, " ReleaseKey=", sizeof(title)-(1+strlen(title)));
strncat (title, vid_release_key, sizeof(title)-(1+strlen(title)));
strlcpy (title, vid_title, sizeof(title));
strlcat (title, " ReleaseKey=", sizeof(title));
strlcat (title, vid_release_key, sizeof(title));
#if SDL_MAJOR_VERSION == 1
SDL_WM_SetCaption (title, title);
#else