Assorted bounds checks (via flawfinder)
parent
d3f859bfbd
commit
b2f21c3d55
|
@ -63,7 +63,7 @@ cDebug::cDebug(const char* label)
|
|||
|
||||
cDebug::cDebug(const cDebug &rhs)
|
||||
{
|
||||
strcpy(mLabel, rhs.mLabel);
|
||||
strcpy(mLabel, rhs.mLabel, MAX_LABEL);
|
||||
}
|
||||
|
||||
cDebug::~cDebug()
|
||||
|
@ -102,7 +102,7 @@ void cDebug::DoTrace(const char *format, va_list &args)
|
|||
char out[2048];
|
||||
size_t guard2 = 0xBABABABA;
|
||||
|
||||
vsprintf(out, format, args);
|
||||
vsnprintf(out, 2048, format, args);
|
||||
|
||||
ASSERT(guard1 == 0xBABABABA && guard2 == 0xBABABABA); // string was too long
|
||||
ASSERT(strlen(out) < 1024);
|
||||
|
@ -304,7 +304,7 @@ void cDebug::DebugOut( const char* lpOutputString, ... )
|
|||
// create the output buffer
|
||||
va_list args;
|
||||
va_start(args, lpOutputString);
|
||||
vsprintf(buf, lpOutputString, args);
|
||||
vsnprintf(buf, 2048, lpOutputString, args);
|
||||
va_end(args);
|
||||
|
||||
#ifdef _DEBUG
|
||||
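Review bot: The copy constructor's new line `strcpy(mLabel, rhs.mLabel, MAX_LABEL);` passes three arguments to `strcpy`, which takes two, so unless `strcpy` is redefined elsewhere it will not compile; `strncpy` was presumably intended. Since `strncpy` leaves the destination unterminated when the source fills it, the line would read `strncpy(mLabel, rhs.mLabel, MAX_LABEL - 1); mLabel[MAX_LABEL - 1] = '\0';`, assuming `mLabel` has `MAX_LABEL` elements (its declaration is not in the hunk). In `DoTrace`, `vsnprintf(out, sizeof(out), format, args);` would tie the bound to the `char out[2048]` declaration instead of repeating the literal. `DebugOut` passes 2048 for `buf`, whose size is not visible here and should be confirmed.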
|
|
|
@ -43,9 +43,9 @@
|
|||
#if IS_UNIX
|
||||
namespace //unique
|
||||
{
|
||||
TCHAR* tw_itot( int value, TCHAR* string, int radix)
|
||||
TCHAR* tw_itot( int value, TCHAR* string, int radix, int size)
|
||||
{
|
||||
_stprintf( string, "%d", value );
|
||||
snprintf( string, size, "%d", value );
|
||||
return string;
|
||||
}
|
||||
}
|
||||
|
@ -61,7 +61,7 @@ eInternal::eInternal(TCHAR* sourceFile, int lineNum)
|
|||
mMsg = _T("File: ");
|
||||
mMsg += sourceFile;
|
||||
mMsg += _T(" Line: ");
|
||||
mMsg += tw_itot(lineNum, buf, 10);
|
||||
mMsg += tw_itot(lineNum, buf, 10, 256);
|
||||
}
|
||||
|
||||
//=============================================================================
|
||||
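Review bot: The call `tw_itot(lineNum, buf, 10, 256)` hard-codes the destination size, and `buf` is declared outside the hunk, so nothing visible ties 256 to the real buffer. If `buf` is a local array, `tw_itot(lineNum, buf, 10, sizeof(buf) / sizeof(buf[0]))` keeps the two in step. Inside `tw_itot` the new `int size` is converted to `size_t` by `snprintf`, so a comment such as `// size: capacity of string in characters, must be > 0` would document the contract. `snprintf` on a `TCHAR*` also assumes `TCHAR` is `char`, which the surrounding `#if IS_UNIX` suggests but the hunk does not establish.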
|
|
|
@ -264,7 +264,7 @@ TSTRING& cUnixFSServices::MakeTempFilename( TSTRING& strName ) const throw(eFSSe
|
|||
char szTemplate[iFSServices::TW_MAX_PATH];
|
||||
int fd;
|
||||
|
||||
strcpy( szTemplate, strName.c_str() );
|
||||
strncpy( szTemplate, strName.c_str(), iFSServices::TW_MAX_PATH );
|
||||
|
||||
#ifdef HAVE_MKSTEMP
|
||||
// create temp filename and check to see if mkstemp failed
|
||||
|
@ -605,7 +605,7 @@ bool cUnixFSServices::GetGroupName( gid_t group_id, TSTRING& tstrGroup ) const
|
|||
void cUnixFSServices::ConvertModeToString( uint64 perm, TSTRING& tstrPerm ) const
|
||||
{
|
||||
TCHAR szPerm[11]; //10 permission bits plus the NULL
|
||||
_tcscpy( szPerm, _T("----------") );
|
||||
strncpy( szPerm, _T("----------"), 11);
|
||||
|
||||
ASSERT( sizeof(unsigned short) <= sizeof(uint32) );
|
||||
// We do this in case an "unsigned short" is ever larger than the
|
||||
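Review bot: In `MakeTempFilename`, `strncpy( szTemplate, strName.c_str(), iFSServices::TW_MAX_PATH )` leaves `szTemplate` without a terminating NUL when `strName` is `TW_MAX_PATH` characters or longer, and the buffer is then handed to the temp-file creation that follows (the `HAVE_MKSTEMP` branch continues outside the hunk). Silently truncating a temp-file template is also undesirable, so rejecting an over-long name before the copy is preferable, e.g. `if (strName.length() >= sizeof(szTemplate))` followed by the error path this function already uses. At minimum, follow the copy with `szTemplate[sizeof(szTemplate) - 1] = '\0';`. The `ConvertModeToString` copy fits as written, since the literal is 10 characters plus the NUL in an 11-element array.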
|
|
|
@ -112,8 +112,9 @@ void cFCONameTblNode::SetString(const TSTRING& newStr)
|
|||
mpString = NULL;
|
||||
}
|
||||
|
||||
mpString = (TCHAR*)util_AllocMem( sizeof(TCHAR)*(newStr.length()+1) );
|
||||
_tcscpy( mpString, newStr.c_str() );
|
||||
size_t alloc_size = sizeof(TCHAR)*(newStr.length()+1);
|
||||
mpString = (TCHAR*)util_AllocMem(alloc_size);
|
||||
strncpy( mpString, newStr.c_str(), alloc_size );
|
||||
|
||||
// NOTE -- the lower case pointer is now invalid.
|
||||
}
|
||||
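Review bot: `alloc_size` is a byte count (`sizeof(TCHAR)*(newStr.length()+1)`) but `strncpy` takes a character count, so the two only agree while `TCHAR` is `char`. The bound is also derived from the source string itself, so it adds no protection beyond the allocation already being the right size. `memcpy( mpString, newStr.c_str(), alloc_size );` expresses the same copy without mixing units, and would stay correct if `TCHAR` ever widened.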
|
|
|
@ -556,8 +556,8 @@ TSTRING cMD5Signature::AsStringHex() const
|
|||
|
||||
for(int i = 0; i < SIG_BYTE_SIZE; ++i)
|
||||
{
|
||||
_stprintf(stringBuffer, _T("%02lx"), (unsigned long)dbuf[i]);
|
||||
_tcscat(sigStringOut, stringBuffer);
|
||||
snprintf(stringBuffer, 128, _T("%02lx"), (unsigned long)dbuf[i]);
|
||||
strncat(sigStringOut, stringBuffer, 128);
|
||||
}
|
||||
ret.append(sigStringOut);
|
||||
|
||||
|
@ -679,8 +679,8 @@ TSTRING cSHASignature::AsStringHex() const
|
|||
|
||||
for (int i=0; i < SIG_UINT32_SIZE*(int)sizeof(uint32); ++i)
|
||||
{
|
||||
_stprintf(stringBuffer, _T("%02x"), dbuf[i]);
|
||||
_tcscat(sigStringOut, stringBuffer);
|
||||
snprintf(stringBuffer, 128, _T("%02x"), dbuf[i]);
|
||||
strncat(sigStringOut, stringBuffer, 128);
|
||||
}
|
||||
ret.append(sigStringOut);
|
||||
|
||||
|
@ -754,8 +754,8 @@ TSTRING cSHASignature::AsStringHex() const
|
|||
|
||||
for (int i=0; i < SIG_UINT32_SIZE; ++i)
|
||||
{
|
||||
_stprintf(stringBuffer, _T("%08x"), mSHAInfo.digest[i]);
|
||||
_tcscat(sigStringOut, stringBuffer);
|
||||
snprintf(stringBuffer, 128, _T("%08x"), mSHAInfo.digest[i]);
|
||||
strncat(sigStringOut, stringBuffer, 128);
|
||||
}
|
||||
ret.append(sigStringOut);
|
||||
|
||||
|
@ -856,8 +856,8 @@ TSTRING cHAVALSignature::AsStringHex() const
|
|||
|
||||
for (int i=0; i < SIG_BYTE_SIZE; ++i)
|
||||
{
|
||||
_stprintf(stringBuffer, _T("%02x"), mSignature[i]);
|
||||
_tcscat(sigStringOut, stringBuffer);
|
||||
snprintf(stringBuffer, 128, _T("%02x"), mSignature[i]);
|
||||
strncat(sigStringOut, stringBuffer, 128);
|
||||
}
|
||||
ret.append(sigStringOut);
|
||||
|
||||
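Review bot: The third argument of `strncat` is the maximum number of characters to append from the source, not the size of the destination, so `strncat(sigStringOut, stringBuffer, 128)` does not bound writes into `sigStringOut`. The same call appears in all four `AsStringHex` hunks in this section (`cMD5Signature`, both `cSHASignature` versions and `cHAVALSignature`). If `sigStringOut` is a local array (its declaration is outside the hunks), the bound would be `sizeof(sigStringOut) - strlen(sigStringOut) - 1`. Simpler still, assuming `sigStringOut` starts empty, is to drop the intermediate buffer and call `ret.append(stringBuffer);` inside the loop. The literal 128 passed to `snprintf` should likewise be replaced by `sizeof(stringBuffer)` once that declaration is confirmed to be an array.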
|
|
|
@ -92,7 +92,7 @@ static int gethostname( char* name, int namelen )
|
|||
|
||||
if ( strlen( myname.nodename ) < (unsigned int)namelen )
|
||||
{
|
||||
strcpy( name, myname.nodename );
|
||||
strncpy( name, myname.nodename, namelen );
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
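Review bot: Unlike `strcpy`, `strncpy( name, myname.nodename, namelen )` zero-fills the destination up to `namelen` bytes, and `namelen` is a signed `int`. A negative `namelen` passes the `(unsigned int)namelen` comparison above and is then converted to a very large `size_t` count, so the padding would run far past `name`. Guarding the branch with `if ( namelen > 0 && strlen( myname.nodename ) < (size_t)namelen )` closes that gap; for valid sizes the existing length check already guarantees termination. The function continues after the `else`, outside the hunk.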
|
|
|
@ -1393,7 +1393,7 @@ yy_parse::yyExpandName(int num, int isrule, char * buf, int len)
|
|||
|
||||
for (endp = buf + len - 8; *s; s++) {
|
||||
if (buf >= endp) { /* too large: return 0 */
|
||||
full: (void) strcpy(buf, " ...\n");
|
||||
full: (void) strncpy(buf, " ...\n", len);
|
||||
return 0;
|
||||
} else if (*s == '%') { /* nonterminal */
|
||||
type = 0;
|
||||
|
@ -1423,7 +1423,7 @@ yy_parse::yyExpandName(int num, int isrule, char * buf, int len)
|
|||
|
||||
if ((i = strlen(cp)) + buf > endp)
|
||||
goto full;
|
||||
(void) strcpy(buf, cp);
|
||||
(void) strncpy(buf, cp, len);
|
||||
buf += i;
|
||||
} else
|
||||
*buf++ = *s;
|
||||
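Review bot: Both new `strncpy` calls pass `len`, the size of the whole buffer, while `buf` has already been advanced by `buf += i` and `*buf++ = *s`. Because `strncpy` zero-fills the destination up to the count, `strncpy(buf, cp, len)` writes `len` bytes from the current position and can run past the end of the original buffer by however far `buf` has moved; the same applies at the `full:` label. The preceding `endp` checks already establish that the text fits, so copying exactly the needed bytes is safer: `(void) memcpy(buf, cp, (size_t)i + 1);` and `(void) memcpy(buf, " ...\n", sizeof(" ...\n"));`. The loop and the relation of `endp` to the start of the buffer extend outside these hunks, so the remaining-space reasoning should be confirmed against the full function.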
|
|