tree-wide: s/strncpy()/strlcpy()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/strncpy()/strlcpy()/g
3bfa1f5b · Christian Brauner · e9d425ab · 3bfa1f5b · 3bfa1f5b · 3bfa1f5b
Unverified Commit 3bfa1f5b authored May 11, 2018 by Christian Brauner
9 changed files
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -36,6 +36,10 @@
 #include "log.h"
 #include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 lxc_log_define(lxc_af_unix, lxc);
 int lxc_abstract_unix_open(const char *path, int type, int flags)
@@ -63,8 +67,9 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 		errno = ENAMETOOLONG;
 		return -1;
 	}
-	/* addr.sun_path[0] has already been set to 0 by memset() */
-	strncpy(&addr.sun_path[1], &path[1], len);
+	/* do not enforce \0-termination */
+	memcpy(&addr.sun_path[1], &path[1], len);
 	ret = bind(fd, (struct sockaddr *)&addr,
 		   offsetof(struct sockaddr_un, sun_path) + len + 1);
@@ -116,8 +121,9 @@ int lxc_abstract_unix_connect(const char *path)
 		errno = ENAMETOOLONG;
 		return -1;
 	}
-	/* addr.sun_path[0] has already been set to 0 by memset() */
-	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+	/* do not enforce \0-termination */
+	memcpy(&addr.sun_path[1], &path[1], len);
 	ret = connect(fd, (struct sockaddr *)&addr,
 		      offsetof(struct sockaddr_un, sun_path) + len + 1);

--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -51,6 +51,10 @@
 #include <mntent.h>
 #endif
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 #define CRIU_VERSION		"2.0"
 #define CRIU_GITID_VERSION	"2.0"
@@ -535,6 +539,7 @@ static void exec_criu(struct criu_opts *opts)
 		argv = m;
 		lxc_list_for_each(it, &opts->c->lxc_conf->network) {
+			size_t retlen;
 			char eth[128], *veth;
 			char *fmt;
 			struct lxc_netdev *n = it->elem;
@@ -551,9 +556,9 @@ static void exec_criu(struct criu_opts *opts)
 			}
 			if (n->name[0] != '\0') {
-				if (strlen(n->name) >= sizeof(eth))
+				retlen = strlcpy(eth, n->name, sizeof(eth));
+				if (retlen >= sizeof(eth))
 					goto err;
-				strncpy(eth, n->name, sizeof(eth));
 			} else {
 				ret = snprintf(eth, sizeof(eth), "eth%d", netnr);
 				if (ret < 0 || ret >= sizeof(eth))

--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -43,6 +43,10 @@
 #include "utils.h"
 #include "lxccontainer.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 /* We're logging in seconds and nanoseconds. Assuming that the underlying
 * datatype is currently at maximum a 64bit integer, we have a date string that
 * is of maximum length (2^64 - 1) * 2 = (21 + 21) = 42.
@@ -575,8 +579,8 @@ extern const char *lxc_log_get_file(void)
 extern void lxc_log_set_prefix(const char *prefix)
 {
-	strncpy(log_prefix, prefix, sizeof(log_prefix));
+	/* We don't care if thte prefix is truncated. */
-	log_prefix[sizeof(log_prefix) - 1] = 0;
+	(void)strlcpy(log_prefix, prefix, sizeof(log_prefix));
 }
 extern const char *lxc_log_get_prefix(void)

--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -87,6 +87,9 @@
 #define MAX_BUFFER 4096
 #define NOT_SUPPORTED_ERROR "the requested function %s is not currently supported with unprivileged containers"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 /* Define faccessat() if missing from the C library */
 #ifndef HAVE_FACCESSAT
@@ -701,7 +704,7 @@ static void push_arg(char ***argp, char *arg, int *nargs)
 static char **split_init_cmd(const char *incmd)
 {
-	size_t len;
+	size_t len, retlen;
 	char *copy, *p;
 	char **argv;
 	int nargs = 0;
@@ -712,8 +715,10 @@ static char **split_init_cmd(const char *incmd)
 	len = strlen(incmd) + 1;
 	copy = alloca(len);
-	strncpy(copy, incmd, len);
+	retlen = strlcpy(copy, incmd, len);
-	copy[len - 1] = '\0';
+	if (retlen >= len) {
+		return NULL;
+	}
 	do {
 		argv = malloc(sizeof(char *));

--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -49,6 +49,10 @@
 #include "state.h"
 #include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 lxc_log_define(lxc_monitor, lxc);
 /* routines used by monitor publishers (containers) */
@@ -131,9 +135,8 @@ void lxc_monitor_send_state(const char *name, lxc_state_t state,
 			    const char *lxcpath)
 {
 	struct lxc_msg msg = {.type = lxc_msg_state, .value = state};
-	strncpy(msg.name, name, sizeof(msg.name));
-	msg.name[sizeof(msg.name) - 1] = 0;
+	(void)strlcpy(msg.name, name, sizeof(msg.name));
 	lxc_monitor_fifo_send(&msg, lxcpath);
 }
@@ -141,9 +144,8 @@ void lxc_monitor_send_exit_code(const char *name, int exit_code,
 				const char *lxcpath)
 {
 	struct lxc_msg msg = {.type = lxc_msg_exit_code, .value = exit_code};
-	strncpy(msg.name, name, sizeof(msg.name));
-	msg.name[sizeof(msg.name) - 1] = 0;
+	(void)strlcpy(msg.name, name, sizeof(msg.name));
 	lxc_monitor_fifo_send(&msg, lxcpath);
 }

--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -59,6 +59,10 @@
 #include <../include/ifaddrs.h>
 #endif
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 #ifndef IFLA_LINKMODE
 #define IFLA_LINKMODE 17
 #endif
@@ -1815,7 +1819,8 @@ static int lxc_ovs_attach_bridge(const char *bridge, const char *nic)
 int lxc_bridge_attach(const char *bridge, const char *ifname)
 {
-	int fd, index, err;
+	int err, fd, index;
+	size_t retlen;
 	struct ifreq ifr;
 	if (strlen(ifname) >= IFNAMSIZ)
@@ -1832,8 +1837,10 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	if (fd < 0)
 		return -errno;
-	strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
+	retlen = strlcpy(ifr.ifr_name, bridge, IFNAMSIZ);
-	ifr.ifr_name[IFNAMSIZ-1] = '\0';
+	if (retlen >= IFNAMSIZ)
+		return -E2BIG;
 	ifr.ifr_ifindex = index;
 	err = ioctl(fd, SIOCBRADDIF, &ifr);
 	close(fd);
@@ -2032,6 +2039,7 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
 	if (child == 0) {
 		int ret;
+		size_t retlen;
 		char pidstr[LXC_NUMSTRLEN64];
 		close(pipefd[0]);
@@ -2046,9 +2054,13 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
 		}
 		if (netdev->link[0] != '\0')
-			strncpy(netdev_link, netdev->link, IFNAMSIZ - 1);
+			retlen = strlcpy(netdev_link, netdev->link, IFNAMSIZ);
 		else
-			strncpy(netdev_link, "none", IFNAMSIZ - 1);
+			retlen = strlcpy(netdev_link, "none", IFNAMSIZ);
+		if (retlen >= IFNAMSIZ) {
+			SYSERROR("Invalid network device name");
+			_exit(EXIT_FAILURE);
+		}
 		ret = snprintf(pidstr, LXC_NUMSTRLEN64, "%d", pid);
 		if (ret < 0 || ret >= LXC_NUMSTRLEN64)

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -82,6 +82,10 @@
 #include "storage/storage.h"
 #include "storage/storage_utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 lxc_log_define(lxc_start, lxc);
 extern void mod_all_rdeps(struct lxc_container *c, bool inc);
@@ -377,6 +381,7 @@ static int signal_handler(int fd, uint32_t events, void *data,
 int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
 			    lxc_state_t state)
 {
+	size_t retlen;
 	ssize_t ret;
 	struct lxc_list *cur, *next;
 	struct state_client *client;
@@ -394,8 +399,9 @@ int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
 		return 0;
 	}
-	strncpy(msg.name, name, sizeof(msg.name));
+	retlen = strlcpy(msg.name, name, sizeof(msg.name));
-	msg.name[sizeof(msg.name) - 1] = 0;
+	if (retlen >= sizeof(msg.name))
+		return -E2BIG;
 	lxc_list_for_each_safe(cur, &handler->state_clients, next) {
 		client = cur->elem;

--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -41,6 +41,10 @@
 #include "storage.h"
 #include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 lxc_log_define(btrfs, lxc);
 /* defined in lxccontainer.c: needs to become common helper */
@@ -220,38 +224,46 @@ int btrfs_umount(struct lxc_storage *bdev)
 static int btrfs_subvolume_create(const char *path)
 {
-	int ret, fd = -1;
+	int ret, saved_errno;
+	size_t retlen;
 	struct btrfs_ioctl_vol_args args;
-	char *p, *newfull = strdup(path);
+	char *p, *newfull;
+	int fd = -1;
+	newfull = strdup(path);
 	if (!newfull) {
-		ERROR("Error: out of memory");
+		errno = ENOMEM;
-		return -1;
+		return -ENOMEM;
 	}
 	p = strrchr(newfull, '/');
 	if (!p) {
-		ERROR("bad path: %s", path);
 		free(newfull);
-		return -1;
+		errno = EINVAL;
+		return -EINVAL;
 	}
 	*p = '\0';
 	fd = open(newfull, O_RDONLY);
 	if (fd < 0) {
-		ERROR("Error opening %s", newfull);
 		free(newfull);
-		return -1;
+		return -errno;
 	}
 	memset(&args, 0, sizeof(args));
-	strncpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX);
+	retlen = strlcpy(args.name, p + 1, BTRFS_SUBVOL_NAME_MAX);
-	args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0;
+	if (retlen >= BTRFS_SUBVOL_NAME_MAX) {
+		free(newfull);
+		close(fd);
+		return -E2BIG;
+	}
 	ret = ioctl(fd, BTRFS_IOC_SUBVOL_CREATE, &args);
-	INFO("btrfs: snapshot create ioctl returned %d", ret);
+	saved_errno = errno;
-	free(newfull);
 	close(fd);
+	free(newfull);
+	errno = saved_errno;
 	return ret;
 }
@@ -298,9 +310,11 @@ out:
 int btrfs_snapshot(const char *orig, const char *new)
 {
-	int fd = -1, fddst = -1, ret = -1;
+	int fd, fddst, ret;
+	size_t retlen;
 	struct btrfs_ioctl_vol_args_v2 args;
-	char *newdir, *newname, *newfull = NULL;
+	char *newdir, *newname;
+	char *newfull = NULL;
 	newfull = strdup(new);
 	if (!newfull) {
@@ -326,9 +340,10 @@ int btrfs_snapshot(const char *orig, const char *new)
 	}
 	memset(&args, 0, sizeof(args));
-	args.fd = fd;
+	retlen = strlcpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX);
-	strncpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX);
+	if (retlen >= BTRFS_SUBVOL_NAME_MAX)
-	args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0;
+		goto out;
 	ret = ioctl(fddst, BTRFS_IOC_SNAP_CREATE_V2, &args);
 	INFO("btrfs: snapshot create ioctl returned %d", ret);
@@ -412,6 +427,7 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 static int btrfs_do_destroy_subvol(const char *path)
 {
 	int ret, fd = -1;
+	size_t retlen;
 	struct btrfs_ioctl_vol_args  args;
 	char *p, *newfull = strdup(path);
@@ -436,8 +452,12 @@ static int btrfs_do_destroy_subvol(const char *path)
 	}
 	memset(&args, 0, sizeof(args));
-	strncpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX);
+	retlen = strlcpy(args.name, p+1, BTRFS_SUBVOL_NAME_MAX);
-	args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0;
+	if (retlen >= BTRFS_SUBVOL_NAME_MAX) {
+		free(newfull);
+		return -E2BIG;
+	}
 	ret = ioctl(fd, BTRFS_IOC_SNAP_DESTROY, &args);
 	INFO("btrfs: snapshot destroy ioctl returned %d for %s", ret, path);
 	if (ret < 0 && errno == EPERM)
@@ -491,21 +511,25 @@ static bool update_tree_node(struct mytree_node *n, u64 id, u64 parent,
 {
 	if (id)
 		n->objid = id;
 	if (parent)
 		n->parentid = parent;
 	if (name) {
 		n->name = malloc(name_len + 1);
 		if (!n->name)
 			return false;
-		strncpy(n->name, name, name_len);
-		n->name[name_len] = '\0';
+		strcpy(n->name, name);
 	}
 	if (dirname) {
 		n->dirname = malloc(strlen(dirname) + 1);
 		if (!n->dirname) {
 			free(n->name);
 			return false;
 		}
 		strcpy(n->dirname, dirname);
 	}
 	return true;

--- a/src/lxc/storage/storage_utils.c
+++ b/src/lxc/storage/storage_utils.c
@@ -46,6 +46,10 @@
 #include "storage_utils.h"
 #include "utils.h"
+#ifndef HAVE_STRLCPY
+#include "include/strlcpy.h"
+#endif
 #ifndef BLKGETSIZE64
 #define BLKGETSIZE64 _IOR(0x12, 114, size_t)
 #endif
@@ -85,13 +89,23 @@ char *dir_new_path(char *src, const char *oldname, const char *name,
 	}
 	while ((p2 = strstr(src, oldname)) != NULL) {
-		strncpy(p, src, p2 - src); // copy text up to oldname
+		size_t retlen;
-		p += p2 - src;		   // move target pointer (p)
-		p += sprintf(p, "%s",
+		/* copy text up to oldname */
-			     name); // print new name in place of oldname
+		retlen = strlcpy(p, src, p2 - src);
-		src = p2 + l2;      // move src to end of oldname
+		if (retlen >= p2 - src)
+			return NULL;
+		/* move target pointer (p) */
+		p += p2 - src;
+		/* print new name in place of oldname */
+		p += sprintf(p, "%s", name);
+		/* move src to end of oldname */
+		src = p2 + l2;
 	}
-	sprintf(p, "%s", src); // copy the rest of src
+	/* copy the rest of src */
+	sprintf(p, "%s", src);
 	return ret;
 }