secure coding: strcat => strncat

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

secure coding: strcat => strncat
1076f938 · Donghwa Jeong · Christian Brauner · 9bb379ba · 1076f938 · 1076f938
Unverified Commit 1076f938 authored Jun 20, 2018 by Donghwa Jeong Committed by Christian Brauner Jun 22, 2018
6 changed files
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -856,8 +856,8 @@ static bool append_ttyname(char **pp, char *name)
 		return false;

 	*pp = p;
-	strcat(p, " ");
-	strcat(p, name);
+	strncat(p, " ", 1);
+	strncat(p, name, strlen(name));

 	return true;
 }
@@ -1788,9 +1788,10 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs,
 	return lxc_setup_ttydir_console(rootfs, console, ttydir);
 }

-static void parse_mntopt(char *opt, unsigned long *flags, char **data)
+static void parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size)
 {
 	struct mount_opt *mo;
+	size_t cursize;

 	/* If opt is found in mount_opt, set or clear flags.
 	 * Otherwise append it to data. */
@@ -1805,15 +1806,23 @@ static void parse_mntopt(char *opt, unsigned long *flags, char **data)
 		}
 	}

-	if (strlen(*data))
-		strcat(*data, ",");
-	strcat(*data, opt);
+	cursize = strlen(*data);
+	if (cursize)
+		cursize += 1;
+
+	if (size - cursize > 1) {
+		if (cursize)
+			strncat(*data, ",", 1);
+
+		strncat(*data, opt, size - cursize - 1);
+	}
 }

 int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 {
 	char *data, *p, *s;
 	char *saveptr = NULL;
+	size_t size;

 	*mntdata = NULL;
 	*mntflags = 0L;
@@ -1825,7 +1834,8 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 	if (!s)
 		return -1;

-	data = malloc(strlen(s) + 1);
+	size = strlen(s) + 1;
+	data = malloc(size);
 	if (!data) {
 		free(s);
 		return -1;
@@ -1833,7 +1843,7 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
 	*data = 0;

 	for (; (p = strtok_r(s, ",", &saveptr)); s = NULL)
-		parse_mntopt(p, mntflags, &data);
+		parse_mntopt(p, mntflags, &data, size);

 	if (*data)
 		*mntdata = data;

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2046,10 +2046,11 @@ int append_unexp_config_line(const char *line, struct lxc_conf *conf)
 		conf->unexpanded_config = tmp;
 		conf->unexpanded_alloced += 1024;
 	}
-	strcat(conf->unexpanded_config, line);
+
+	strncat(conf->unexpanded_config, line, linelen);
 	conf->unexpanded_len += linelen;
 	if (line[linelen - 1] != '\n') {
-		strcat(conf->unexpanded_config, "\n");
+		strncat(conf->unexpanded_config, "\n", 1);
 		conf->unexpanded_len++;
 	}


--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -1634,8 +1634,8 @@ static char *string_join(const char *sep, const char **parts, bool use_as_prefix

 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}

 	return result;

--- a/src/lxc/pam/utils.c
+++ b/src/lxc/pam/utils.c
@@ -77,10 +77,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);


--- a/src/lxc/tools/tool_utils.c
+++ b/src/lxc/tools/tool_utils.c
@@ -517,8 +517,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)

 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}

 	return result;
@@ -1079,10 +1079,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);


--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -649,8 +649,8 @@ char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)

 	for (p = (char **)parts; *p; p++) {
 		if (p > (char **)parts)
-			strcat(result, sep);
-		strcat(result, *p);
+			strncat(result, sep, sep_len);
+		strncat(result, *p, strlen(*p));
 	}

 	return result;
@@ -2318,10 +2318,12 @@ char *must_make_path(const char *first, ...)
 		full_len += strlen(cur);
 		if (cur[0] != '/')
 			full_len++;
+
 		dest = must_realloc(dest, full_len + 1);
+
 		if (cur[0] != '/')
-			strcat(dest, "/");
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);

@@ -2339,16 +2341,14 @@ char *must_append_path(char *first, ...)
 	va_start(args, first);
 	while ((cur = va_arg(args, char *)) != NULL) {
 		full_len += strlen(cur);
-
 		if (cur[0] != '/')
 			full_len++;

 		dest = must_realloc(dest, full_len + 1);

 		if (cur[0] != '/')
-			strcat(dest, "/");
-
-		strcat(dest, cur);
+			strncat(dest, "/", 1);
+		strncat(dest, cur, strlen(cur));
 	}
 	va_end(args);