[PATCH] Replace str[n]cpy with strlcpy

From: FRIGN <dev_AT_frign.de>
Date: Thu, 2 Jun 2016 21:46:50 +0200

Let's finally use this safe interface here! We've waited long
enough.
Even if a call to strcpy might be safe in some cases
(e.g. writing the broken string to c->name), we can never
be sure that a future code change won't break this
assumption.
Even though you might have had these side-effects in mind at the
time you wrote the code, they definitely won't be in mind a few
days/months/years later when the changes are made.
---
 dwm.c  | 16 +++++++++-------
 util.c | 40 ++++++++++++++++++++++++++++++++++++++++
 util.h |  3 +++
 3 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/dwm.c b/dwm.c
index ff7e096..d45916c 100644
--- a/dwm.c
+++ b/dwm.c
_AT_@ -393,7 +393,7 @@ arrange(Monitor *m)
 void
 arrangemon(Monitor *m)
 {
-	strncpy(m->ltsymbol, m->lt[m->sellt]->symbol, sizeof m->ltsymbol);
+	strlcpy(m->ltsymbol, m->lt[m->sellt]->symbol, sizeof(m->ltsymbol));
 	if (m->lt[m->sellt]->arrange)
 		m->lt[m->sellt]->arrange(m);
 }
_AT_@ -654,7 +654,8 @@ createmon(void)
 	m->topbar = topbar;
 	m->lt[0] = &layouts[0];
 	m->lt[1] = &layouts[1 % LENGTH(layouts)];
-	strncpy(m->ltsymbol, layouts[0].symbol, sizeof m->ltsymbol);
+	strlcpy(m->ltsymbol, layouts[0].symbol, sizeof(m->ltsymbol));
+
 	return m;
 }
 
_AT_@ -931,10 +932,10 @@ gettextprop(Window w, Atom atom, char *text, unsigned int size)
 	if (!name.nitems)
 		return 0;
 	if (name.encoding == XA_STRING)
-		strncpy(text, (char *)name.value, size - 1);
+		strlcpy(text, (char *)name.value, size - 1);
 	else {
 		if (XmbTextPropertyToTextList(dpy, &name, &list, &n) >= Success && n > 0 && *list) {
-			strncpy(text, *list, size - 1);
+			strlcpy(text, *list, size - 1);
 			XFreeStringList(list);
 		}
 	}
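Review bot: Both strlcpy calls in gettextprop still pass `size - 1`, but strlcpy expects the full destination size and reserves the terminator byte itself, so each copy now stops one character earlier than the buffer allows. The calls should read `strlcpy(text, (char *)name.value, size);` and `strlcpy(text, *list, size);`. With `size == 1` the current form passes a dsize of 0 and writes nothing, so `text` is terminated only if code outside this hunk does it; the function body starts and ends outside the hunk. Unlike strncpy, strlcpy walks `src` to its terminating NUL to compute the return value, so these calls rely on the client-supplied property data being NUL-terminated, which Xlib is expected to guarantee.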
_AT_@ -1526,7 +1527,8 @@ setlayout(const Arg *arg)
 		selmon->sellt ^= 1;
 	if (arg && arg->v)
 		selmon->lt[selmon->sellt] = (Layout *)arg->v;
-	strncpy(selmon->ltsymbol, selmon->lt[selmon->sellt]->symbol, sizeof selmon->ltsymbol);
+	strlcpy(selmon->ltsymbol, selmon->lt[selmon->sellt]->symbol,
+	        sizeof(selmon->ltsymbol));
 	if (selmon->sel)
 		arrange(selmon);
 	else
_AT_@ -1991,14 +1993,14 @@ updatetitle(Client *c)
 	if (!gettextprop(c->win, netatom[NetWMName], c->name, sizeof c->name))
 		gettextprop(c->win, XA_WM_NAME, c->name, sizeof c->name);
 	if (c->name[0] == '\0') /* hack to mark broken clients */
-		strcpy(c->name, broken);
+		strlcpy(c->name, broken, sizeof(c->name));
 }
 
 void
 updatestatus(void)
 {
 	if (!gettextprop(root, XA_WM_NAME, stext, sizeof(stext)))
-		strcpy(stext, "dwm-"VERSION);
+		strlcpy(stext, "dwm-"VERSION, sizeof(stext));
 	drawbar(selmon);
 }
 
diff --git a/util.c b/util.c
index 6b703e9..ac4372f 100644
--- a/util.c
+++ b/util.c
_AT_@ -31,3 +31,43 @@ die(const char *fmt, ...) {
 
 	exit(1);
 }
+
+/*
+ * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller_AT_courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+size_t
+strlcpy(char *dst, const char *src, size_t dsize)
+{
+	const char *osrc = src;
+	size_t nleft = dsize;
+
+	/* Copy as many bytes as will fit. */
+	if (nleft != 0) {
+		while (--nleft != 0) {
+			if ((*dst++ = *src++) == '\0')
+				break;
+		}
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src. */
+	if (nleft == 0) {
+		if (dsize != 0)
+			*dst = '\0';		/* NUL-terminate dst */
+		while (*src++)
+			;
+	}
+
+	return(src - osrc - 1);	/* count does not include NUL */
+}
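Review bot: The new strlcpy in util.c has no contract comment, and every caller in dwm.c discards its return value, so truncation of window titles or status text passes silently. A short header above the definition would make the semantics explicit, e.g. `/* Copy src to dst, writing at most dsize-1 bytes plus a NUL (nothing if dsize is 0). Returns strlen(src); a result >= dsize means the copy was truncated. src must be NUL-terminated. */`. Callers that care about truncation can then test `strlcpy(...) >= sizeof(buf)`.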
diff --git a/util.h b/util.h
index cded043..ce29b77 100644
--- a/util.h
+++ b/util.h
_AT_@ -1,4 +1,5 @@
 /* See LICENSE file for copyright and license details. */
+#include <sys/types.h>
 
 #define MAX(A, B)               ((A) > (B) ? (A) : (B))
 #define MIN(A, B)               ((A) < (B) ? (A) : (B))
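Review bot: The added `#include <sys/types.h>` in util.h is there only to provide `size_t` for the prototypes further down, and that header is POSIX rather than ISO C. `#include <stddef.h>` is the standard home of `size_t` and would keep util.h independent of POSIX headers. This is a style and portability point; the behaviour on the platforms dwm targets should not change.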
_AT_@ -6,3 +7,5 @@
 
 void die(const char *errstr, ...);
 void *ecalloc(size_t, size_t);
+#undef strlcpy
+size_t strlcpy(char *, const char *, size_t);
-- 
2.4.10