diff options
| author | Joseph Hunkeler <jhunkeler@users.noreply.github.com> | 2026-06-02 17:04:13 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-06-02 17:04:13 -0400 |
| commit | 252b9646c1cb0538123d51ced4a733f3dcfc266b (patch) | |
| tree | 84b300af068db367bd9f3262487aeef3c7ba22d0 /src/cli | |
| parent | d8ee8c27444a56bb98dd8bd67a019a1e9efbcc10 (diff) | |
| download | stasis-252b9646c1cb0538123d51ced4a733f3dcfc266b.tar.gz | |
Safe strings, finally (#145)
* Add string copy and catonate replacements
* safe_strncpy
* safe_strncat
* Replace string functions
* gbo.ini: Update tweakwcs to 0.9.0
* generic.ini: Update tweakwcs to 0.9.0
Diffstat (limited to 'src/cli')
| -rw-r--r-- | src/cli/stasis/args.c | 12 | ||||
| -rw-r--r-- | src/cli/stasis/stasis_main.c | 26 | ||||
| -rw-r--r-- | src/cli/stasis_indexer/helpers.c | 43 | ||||
| -rw-r--r-- | src/cli/stasis_indexer/junitxml_report.c | 3 | ||||
| -rw-r--r-- | src/cli/stasis_indexer/stasis_indexer_main.c | 29 | ||||
| -rw-r--r-- | src/cli/stasis_indexer/website.c | 7 |
6 files changed, 46 insertions, 74 deletions
diff --git a/src/cli/stasis/args.c b/src/cli/stasis/args.c index eb096bc..c1bf031 100644 --- a/src/cli/stasis/args.c +++ b/src/cli/stasis/args.c @@ -89,20 +89,20 @@ void usage(char *progname) { char opt_long[50] = {0}; // --? [ARG]? char opt_short[50] = {0}; // -? [ARG]? - strncat(opt_long, "--", sizeof(opt_long) - strlen(opt_long) - 1); - strncat(opt_long, long_options[x].name, sizeof(opt_long) - strlen(opt_long) - 1); + safe_strncat(opt_long, "--", sizeof(opt_long)); + safe_strncat(opt_long, long_options[x].name, sizeof(opt_long)); if (long_options[x].has_arg) { - strncat(opt_long, " ARG", sizeof(opt_long) - strlen(opt_long) - 1); + safe_strncat(opt_long, " ARG", sizeof(opt_long)); } if (long_options[x].val <= 'z') { - strncat(opt_short, "-", sizeof(opt_short) - strlen(opt_short) - 1); + safe_strncat(opt_short, "-", sizeof(opt_short)); opt_short[1] = (char) long_options[x].val; if (long_options[x].has_arg) { - strncat(opt_short, " ARG", sizeof(opt_short) - strlen(opt_short) - 1); + safe_strncat(opt_short, " ARG", sizeof(opt_short)); } } else { - strncat(opt_short, " ", sizeof(opt_short) - strlen(opt_short) - 1); + safe_strncat(opt_short, " ", sizeof(opt_short)); } snprintf(tmp, sizeof(tmp) - strlen(tmp), " %%-%ds\t%%s\t\t%%s", width + 4); diff --git a/src/cli/stasis/stasis_main.c b/src/cli/stasis/stasis_main.c index fb4ed80..e660f6b 100644 --- a/src/cli/stasis/stasis_main.c +++ b/src/cli/stasis/stasis_main.c @@ -17,11 +17,10 @@ static void setup_sysconfdir() { // environment variable char stasis_sysconfdir_tmp[PATH_MAX]; if (getenv("STASIS_SYSCONFDIR")) { - strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp) - 1); + safe_strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp)); } else { - strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp) - 1); + safe_strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp)); } - stasis_sysconfdir_tmp[sizeof(stasis_sysconfdir_tmp) - 1] = '\0'; globals.sysconfdir = realpath(stasis_sysconfdir_tmp, NULL); if (!globals.sysconfdir) { @@ -567,8 +566,7 @@ int main(int argc, char *argv[]) { globals.continue_on_error = true; break; case 'p': - strncpy(python_override_version, optarg, sizeof(python_override_version) - 1); - python_override_version[sizeof(python_override_version) - 1] = '\0'; + safe_strncpy(python_override_version, optarg, sizeof(python_override_version)); break; case 'l': globals.cpu_limit = strtol(optarg, NULL, 10); @@ -699,22 +697,10 @@ int main(int argc, char *argv[]) { check_requirements(&ctx); configure_jfrog_cli(&ctx); - /* - delivery_free(&ctx); - tpl_free(); - globals_free(); - return 0; - */ - runtime_apply(ctx.runtime.environ); - strncpy(env_name, ctx.info.release_name, sizeof(env_name) - 1); - env_name[sizeof(env_name) - 1] = '\0'; - - strncpy(env_name_testing, env_name, sizeof(env_name_testing) - 1); - env_name_testing[sizeof(env_name_testing) - 1] = '\0'; - - strncat(env_name_testing, "-test", sizeof(env_name_testing) - strlen(env_name_testing) - 1); - env_name_testing[sizeof(env_name_testing) - 1] = '\0'; + safe_strncpy(env_name, ctx.info.release_name, sizeof(env_name)); + safe_strncpy(env_name_testing, env_name, sizeof(env_name_testing)); + safe_strncat(env_name_testing, "-test", sizeof(env_name_testing)); char *envs[] = { "release", env_name, diff --git a/src/cli/stasis_indexer/helpers.c b/src/cli/stasis_indexer/helpers.c index 92e2dd4..3ef96e4 100644 --- a/src/cli/stasis_indexer/helpers.c +++ b/src/cli/stasis_indexer/helpers.c @@ -98,48 +98,46 @@ int pandoc_exec(const char *in_file, const char *out_file, const char *css_file, if (!get_pandoc_version(&pandoc_version)) { // < 2.19 if (pandoc_version < 0x02130000) { - strncat(pandoc_versioned_args, "--self-contained ", sizeof(pandoc_versioned_args) - strlen(pandoc_versioned_args) - 1); + safe_strncat(pandoc_versioned_args, "--self-contained ", sizeof(pandoc_versioned_args)); } else { // >= 2.19 - strncat(pandoc_versioned_args, "--embed-resources ", sizeof(pandoc_versioned_args) - strlen(pandoc_versioned_args) - 1); + safe_strncat(pandoc_versioned_args, "--embed-resources ", sizeof(pandoc_versioned_args)); } // >= 1.15.0.4 if (pandoc_version >= 0x010f0004) { - strncat(pandoc_versioned_args, "--standalone ", sizeof(pandoc_versioned_args) - strlen(pandoc_versioned_args) - 1); + safe_strncat(pandoc_versioned_args, "--standalone ", sizeof(pandoc_versioned_args)); } // >= 1.10.0.1 if (pandoc_version >= 0x010a0001) { - strncat(pandoc_versioned_args, "-f gfm+autolink_bare_uris ", sizeof(pandoc_versioned_args) - strlen(pandoc_versioned_args) - 1); + safe_strncat(pandoc_versioned_args, "-f gfm+autolink_bare_uris ", sizeof(pandoc_versioned_args)); } // > 3.1.9 if (pandoc_version > 0x03010900) { - strncat(pandoc_versioned_args, "-f gfm+alerts ", sizeof(pandoc_versioned_args) - strlen(pandoc_versioned_args) - 1); + safe_strncat(pandoc_versioned_args, "-f gfm+alerts ", sizeof(pandoc_versioned_args)); } } // Converts a markdown file to html char cmd[STASIS_BUFSIZ] = {0}; - strncpy(cmd, "pandoc ", sizeof(cmd) - 1); - cmd[sizeof(cmd) - 1] = '\0'; + safe_strncpy(cmd, "pandoc ", sizeof(cmd)); - strncat(cmd, pandoc_versioned_args, sizeof(cmd) - strlen(cmd) - 1); - cmd[sizeof(cmd) - 1] = '\0'; + safe_strncat(cmd, pandoc_versioned_args, sizeof(cmd)); if (css_file && strlen(css_file)) { - strncat(cmd, "--css ", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, css_file, sizeof(cmd) - strlen(cmd) - 1); + safe_strncat(cmd, "--css ", sizeof(cmd)); + safe_strncat(cmd, css_file, sizeof(cmd)); } - strncat(cmd, " ", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, "--metadata title=\"", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, title, sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, "\" ", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, "-o ", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, out_file, sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, " ", sizeof(cmd) - strlen(cmd) - 1); - strncat(cmd, in_file, sizeof(cmd) - strlen(cmd) - 1); + safe_strncat(cmd, " ", sizeof(cmd)); + safe_strncat(cmd, "--metadata title=\"", sizeof(cmd)); + safe_strncat(cmd, title, sizeof(cmd)); + safe_strncat(cmd, "\" ", sizeof(cmd)); + safe_strncat(cmd, "-o ", sizeof(cmd)); + safe_strncat(cmd, out_file, sizeof(cmd)); + safe_strncat(cmd, " ", sizeof(cmd)); + safe_strncat(cmd, in_file, sizeof(cmd)); if (globals.verbose) { puts(cmd); @@ -406,11 +404,10 @@ int write_manifest(const char *path, char **exclude_path, FILE *fp) { continue; } char filepath[PATH_MAX] = {0}; - strncpy(filepath, path, PATH_MAX - 1); - filepath[PATH_MAX - 1] = '\0'; + safe_strncpy(filepath, path, PATH_MAX); - strncat(filepath, "/", sizeof(filepath) - strlen(filepath) - 1); - strncat(filepath, rec->d_name, sizeof(filepath) - strlen(filepath) - 1); + safe_strncat(filepath, "/", sizeof(filepath)); + safe_strncat(filepath, rec->d_name, sizeof(filepath)); if (rec->d_type == DT_DIR) { write_manifest(filepath, exclude_path, fp); diff --git a/src/cli/stasis_indexer/junitxml_report.c b/src/cli/stasis_indexer/junitxml_report.c index a7dcd06..300b7e5 100644 --- a/src/cli/stasis_indexer/junitxml_report.c +++ b/src/cli/stasis_indexer/junitxml_report.c @@ -55,8 +55,7 @@ static int write_report_output(struct Delivery *ctx, FILE *destfp, const char *x } char short_name[PATH_MAX] = {0}; - strncpy(short_name, bname, sizeof(short_name) - 1); - short_name[sizeof(short_name) - 1] = '\0'; + safe_strncpy(short_name, bname, sizeof(short_name)); replace_text(short_name, short_name_pattern, "", 0); replace_text(short_name, "results-", "", 0); diff --git a/src/cli/stasis_indexer/stasis_indexer_main.c b/src/cli/stasis_indexer/stasis_indexer_main.c index e87122e..45bbb6c 100644 --- a/src/cli/stasis_indexer/stasis_indexer_main.c +++ b/src/cli/stasis_indexer/stasis_indexer_main.c @@ -13,14 +13,11 @@ int indexer_combine_rootdirs(const char *dest, char **rootdirs, const size_t roo char destdir_with_output[PATH_MAX] = {0}; char *destdir = destdir_bare; - strncpy(destdir_bare, dest, sizeof(destdir_bare) - 1); - destdir[sizeof(destdir_bare) - 1] = '\0'; + safe_strncpy(destdir_bare, dest, sizeof(destdir_bare)); - strncpy(destdir_with_output, dest, sizeof(destdir_with_output) - 1); - destdir_with_output[sizeof(destdir_with_output) - 1] = '\0'; + safe_strncpy(destdir_with_output, dest, sizeof(destdir_with_output)); - strncat(destdir_with_output, "/output", sizeof(destdir_with_output) - strlen(destdir_with_output) - 1); - destdir_with_output[sizeof(destdir_with_output) - 1] = '\0'; + safe_strncat(destdir_with_output, "/output", sizeof(destdir_with_output)); if (!access(destdir_with_output, F_OK)) { destdir = destdir_with_output; @@ -31,14 +28,11 @@ int indexer_combine_rootdirs(const char *dest, char **rootdirs, const size_t roo char srcdir_bare[PATH_MAX] = {0}; char srcdir_with_output[PATH_MAX] = {0}; char *srcdir = srcdir_bare; - strncpy(srcdir_bare, rootdirs[i], sizeof(srcdir_bare) - 1); - srcdir_bare[sizeof(srcdir_bare) - 1] = '\0'; + safe_strncpy(srcdir_bare, rootdirs[i], sizeof(srcdir_bare)); - strncpy(srcdir_with_output, rootdirs[i], sizeof(srcdir_with_output) - 1); - srcdir_with_output[sizeof(srcdir_with_output) - 1] = '\0'; + safe_strncpy(srcdir_with_output, rootdirs[i], sizeof(srcdir_with_output)); - strncat(srcdir_with_output, "/output", sizeof(srcdir_with_output) - strlen(srcdir_with_output) - 1); - srcdir_with_output[sizeof(srcdir_with_output) - 1] = '\0'; + safe_strncat(srcdir_with_output, "/output", sizeof(srcdir_with_output)); if (access(srcdir_bare, F_OK)) { SYSWARN("%s does not exist", srcdir_bare); @@ -266,11 +260,10 @@ int main(const int argc, char *argv[]) { char stasis_sysconfdir_tmp[PATH_MAX]; if (getenv("STASIS_SYSCONFDIR")) { - strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp) - 1); + safe_strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp)); } else { - strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp) - 1); + safe_strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp)); } - stasis_sysconfdir_tmp[sizeof(stasis_sysconfdir_tmp) - 1] = '\0'; globals.sysconfdir = realpath(stasis_sysconfdir_tmp, NULL); if (!globals.sysconfdir) { @@ -281,9 +274,9 @@ int main(const int argc, char *argv[]) { char workdir_template[PATH_MAX] = {0}; const char *system_tmp = getenv("TMPDIR"); if (system_tmp) { - strncat(workdir_template, system_tmp, sizeof(workdir_template) - strlen(workdir_template) - 1); + safe_strncat(workdir_template, system_tmp, sizeof(workdir_template)); } else { - strncat(workdir_template, "/tmp/stasis", sizeof(workdir_template) - strlen(workdir_template) - 1); + safe_strncat(workdir_template, "/tmp/stasis", sizeof(workdir_template)); } if (mkdirs(workdir_template, 0700)) { @@ -291,7 +284,7 @@ int main(const int argc, char *argv[]) { exit(1); } - strncat(workdir_template, "/stasis-combine.XXXXXX", sizeof(workdir_template) - strlen(workdir_template) - 1); + safe_strncat(workdir_template, "/stasis-combine.XXXXXX", sizeof(workdir_template)); char *workdir = mkdtemp(workdir_template); if (!workdir) { SYSERROR("Unable to create temporary directory: %s", workdir_template); diff --git a/src/cli/stasis_indexer/website.c b/src/cli/stasis_indexer/website.c index 07ad6ad..edab735 100644 --- a/src/cli/stasis_indexer/website.c +++ b/src/cli/stasis_indexer/website.c @@ -35,9 +35,7 @@ int indexer_make_website(struct Delivery **ctx) { } // Replace *.md extension with *.html. - strncpy(fullpath_dest, fullpath_src, sizeof(fullpath_dest) - 1); - fullpath_dest[sizeof(fullpath_dest) - 1] = '\0'; - + safe_strncpy(fullpath_dest, fullpath_src, sizeof(fullpath_dest)); gen_file_extension_str(fullpath_dest, sizeof(fullpath_dest), ".html"); // Convert markdown to html @@ -54,8 +52,7 @@ int indexer_make_website(struct Delivery **ctx) { if (!strcmp(filename, "README.md")) { char link_from[PATH_MAX] = {0}; char link_dest[PATH_MAX] = {0}; - strncpy(link_from, "README.html", sizeof(link_from) - 1); - link_dest[sizeof(link_dest) - 1] = '\0'; + safe_strncpy(link_from, "README.html", sizeof(link_from)); snprintf(link_dest, sizeof(link_dest), "%s/%s", root, "index.html"); if (symlink(link_from, link_dest)) { SYSWARN("symlink(%s, %s) failed: %s", link_from, link_dest, strerror(errno)); |