From 252b9646c1cb0538123d51ced4a733f3dcfc266b Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@users.noreply.github.com>
Date: Tue, 2 Jun 2026 17:04:13 -0400
Subject: Safe strings, finally (#145)

* Add string copy and catonate replacements
* safe_strncpy
* safe_strncat
* Replace string functions
* gbo.ini: Update tweakwcs to 0.9.0
* generic.ini: Update tweakwcs to 0.9.0
---
 src/lib/delivery/delivery_test.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

(limited to 'src/lib/delivery/delivery_test.c')

diff --git a/src/lib/delivery/delivery_test.c b/src/lib/delivery/delivery_test.c
index f59a62e..c1ef1ad 100644
--- a/src/lib/delivery/delivery_test.c
+++ b/src/lib/delivery/delivery_test.c
@@ -199,13 +199,11 @@ void delivery_tests_run(struct Delivery *ctx) {
                 msg(STASIS_MSG_L3, "Queuing task for %s\n", test->name);
                 memset(&proc, 0, sizeof(proc));
 
-                strncpy(cmd, test->script, strlen(test->script) + STASIS_BUFSIZ - 1);
-                cmd[strlen(test->script) + STASIS_BUFSIZ - 1] = '\0';
+                safe_strncpy(cmd, test->script, strlen(test->script) + STASIS_BUFSIZ);
                 char *cmd_rendered = tpl_render(cmd);
                 if (cmd_rendered) {
                     if (strcmp(cmd_rendered, cmd) != 0) {
-                        strncpy(cmd, cmd_rendered, strlen(test->script) + STASIS_BUFSIZ - 1);
-                        cmd[strlen(cmd_rendered) ? strlen(cmd_rendered) - 1 : 0] = 0;
+                        safe_strncpy(cmd, cmd_rendered, strlen(test->script) + STASIS_BUFSIZ);
                     }
                     guard_free(cmd_rendered);
                 } else {
@@ -229,8 +227,7 @@ void delivery_tests_run(struct Delivery *ctx) {
                 if (!globals.enable_parallel || !test->parallel) {
                     selected = SERIAL;
                     memset(pool_name, 0, sizeof(pool_name));
-                    strncpy(pool_name, "serial", sizeof(pool_name) - 1);
-                    pool_name[sizeof(pool_name) - 1] = '\0';
+                    safe_strncpy(pool_name, "serial", sizeof(pool_name));
                 }
 
                 if (asprintf(&runner_cmd, runner_cmd_fmt, cmd) < 0) {
@@ -281,14 +278,12 @@ void delivery_tests_run(struct Delivery *ctx) {
                         exit(1);
                     }
 
-                    strncpy(cmd, test->script_setup, cmd_len - 1);
-                    cmd[cmd_len - 1] = '\0';
+                    safe_strncpy(cmd, test->script_setup, cmd_len);
 
                     char *cmd_rendered = tpl_render(cmd);
                     if (cmd_rendered) {
                         if (strcmp(cmd_rendered, cmd) != 0) {
-                            strncpy(cmd, cmd_rendered, cmd_len - 1);
-                            cmd[strlen(cmd_rendered) ? strlen(cmd_rendered) - 1 : 0] = '\0';
+                            safe_strncpy(cmd, cmd_rendered, cmd_len);
                         }
                         guard_free(cmd_rendered);
                     } else {
-- 
cgit