From 252b9646c1cb0538123d51ced4a733f3dcfc266b Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler
Date: Tue, 2 Jun 2026 17:04:13 -0400
Subject: Safe strings, finally (#145)
* Add string copy and catonate replacements
* safe_strncpy
* safe_strncat
* Replace string functions
* gbo.ini: Update tweakwcs to 0.9.0
* generic.ini: Update tweakwcs to 0.9.0
---
 src/cli/stasis/args.c | 12 ++++++------
 src/cli/stasis/stasis_main.c | 26 ++++++--------------------
 2 files changed, 12 insertions(+), 26 deletions(-)
(limited to 'src/cli/stasis')
diff --git a/src/cli/stasis/args.c b/src/cli/stasis/args.c
index eb096bc..c1bf031 100644
--- a/src/cli/stasis/args.c
+++ b/src/cli/stasis/args.c
@@ -89,20 +89,20 @@ void usage(char *progname) {
 char opt_long[50] = {0}; // --? [ARG]?
 char opt_short[50] = {0}; // -? [ARG]?
- strncat(opt_long, "--", sizeof(opt_long) - strlen(opt_long) - 1);
- strncat(opt_long, long_options[x].name, sizeof(opt_long) - strlen(opt_long) - 1);
+ safe_strncat(opt_long, "--", sizeof(opt_long));
+ safe_strncat(opt_long, long_options[x].name, sizeof(opt_long));
 if (long_options[x].has_arg) {
- strncat(opt_long, " ARG", sizeof(opt_long) - strlen(opt_long) - 1);
+ safe_strncat(opt_long, " ARG", sizeof(opt_long));
 }
 if (long_options[x].val <= 'z') {
- strncat(opt_short, "-", sizeof(opt_short) - strlen(opt_short) - 1);
+ safe_strncat(opt_short, "-", sizeof(opt_short));
 opt_short[1] = (char) long_options[x].val;
 if (long_options[x].has_arg) {
- strncat(opt_short, " ARG", sizeof(opt_short) - strlen(opt_short) - 1);
+ safe_strncat(opt_short, " ARG", sizeof(opt_short));
 }
 } else {
- strncat(opt_short, " ", sizeof(opt_short) - strlen(opt_short) - 1);
+ safe_strncat(opt_short, " ", sizeof(opt_short));
 }
 snprintf(tmp, sizeof(tmp) - strlen(tmp), " %%-%ds\t%%s\t\t%%s", width + 4);
diff --git a/src/cli/stasis/stasis_main.c b/src/cli/stasis/stasis_main.c
index fb4ed80..e660f6b 100644
--- a/src/cli/stasis/stasis_main.c
+++ b/src/cli/stasis/stasis_main.c
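Review bot: The `snprintf(tmp, sizeof(tmp) - strlen(tmp), …)` call kept as context at the end of this hunk in usage() still carries the remaining-space arithmetic that the commit removes from the `strncat` calls above it, even though it writes from the start of `tmp` rather than appending; passing the full size, `snprintf(tmp, sizeof(tmp), " %%-%ds\t%%s\t\t%%s", width + 4);`, would match the new calls and would not depend on what `tmp` held before (its declaration is outside the hunk). The new `safe_strncat` calls take the whole destination size where `strncat` took the space left, and the helper's definition is not part of this path-limited patch, so a short comment at the first call, e.g. `// safe_strncat: third argument is the full size of dst`, would keep the old `- strlen(...) - 1` form from being copied back in. The body of usage() starts and ends outside the hunk.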
@@ -17,11 +17,10 @@ static void setup_sysconfdir() {
 // environment variable
 char stasis_sysconfdir_tmp[PATH_MAX];
 if (getenv("STASIS_SYSCONFDIR")) {
- strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp) - 1);
+ safe_strncpy(stasis_sysconfdir_tmp, getenv("STASIS_SYSCONFDIR"), sizeof(stasis_sysconfdir_tmp));
 } else {
- strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp) - 1);
+ safe_strncpy(stasis_sysconfdir_tmp, STASIS_SYSCONFDIR, sizeof(stasis_sysconfdir_tmp));
 }
- stasis_sysconfdir_tmp[sizeof(stasis_sysconfdir_tmp) - 1] = '\0';
 globals.sysconfdir = realpath(stasis_sysconfdir_tmp, NULL);
 if (!globals.sysconfdir) {
@@ -567,8 +566,7 @@ int main(int argc, char *argv[]) {
 globals.continue_on_error = true;
 break;
 case 'p':
- strncpy(python_override_version, optarg, sizeof(python_override_version) - 1);
- python_override_version[sizeof(python_override_version) - 1] = '\0';
+ safe_strncpy(python_override_version, optarg, sizeof(python_override_version));
 break;
 case 'l':
 globals.cpu_limit = strtol(optarg, NULL, 10);
@@ -699,22 +697,10 @@ int main(int argc, char *argv[]) {
 check_requirements(&ctx);
 configure_jfrog_cli(&ctx);
- /*
- delivery_free(&ctx);
- tpl_free();
- globals_free();
- return 0;
- */
-
 runtime_apply(ctx.runtime.environ);
- strncpy(env_name, ctx.info.release_name, sizeof(env_name) - 1);
- env_name[sizeof(env_name) - 1] = '\0';
-
- strncpy(env_name_testing, env_name, sizeof(env_name_testing) - 1);
- env_name_testing[sizeof(env_name_testing) - 1] = '\0';
-
- strncat(env_name_testing, "-test", sizeof(env_name_testing) - strlen(env_name_testing) - 1);
- env_name_testing[sizeof(env_name_testing) - 1] = '\0';
+ safe_strncpy(env_name, ctx.info.release_name, sizeof(env_name));
+ safe_strncpy(env_name_testing, env_name, sizeof(env_name_testing));
+ safe_strncat(env_name_testing, "-test", sizeof(env_name_testing));
 char *envs[] = {
 "release", env_name,
-- cgit
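Review bot: In setup_sysconfdir() (first hunk of stasis_main.c) a `STASIS_SYSCONFDIR` value that does not fit in the `PATH_MAX` buffer is, as far as this patch shows, still shortened without any error before `realpath()` resolves it, so the program could end up using a different directory than the one configured; the result of `safe_strncpy` is not checked and its definition is not in this path-limited patch. The intermediate buffer is not needed: `const char *dir = getenv("STASIS_SYSCONFDIR");`, `if (!dir) dir = STASIS_SYSCONFDIR;`, `globals.sysconfdir = realpath(dir, NULL);` leaves over-long input to `realpath()` and the existing `!globals.sysconfdir` check, and reads the variable once. The same unchecked truncation applies to `python_override_version` in the `-p` case and to `env_name` / `env_name_testing` in the two main() hunks, where a clipped `-test` suffix could leave both environment names identical (buffer sizes are not visible here); rejecting over-long values there would be safer than continuing. The bodies of setup_sysconfdir() and main() continue outside these hunks.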