Laszlo Papp wrote:
* Size examined str* function usage is a common coding practice, because it's more safer to avoid breakage while using str* functions.
Signed-off-by: Laszlo Papp <djszapi@archlinux.us> --- src/pacman/pacman.c | 4 ++-- src/pacman/query.c | 4 ++-- src/pacman/util.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 5e824f4..0aaf6f0 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -960,11 +960,11 @@ static void cl_to_log(int argc, char* argv[]) return; char *p = cl_text; for(i = 0; i<argc-1; i++) { - strcpy(p, argv[i]); + strncpy(p, argv[i], strlen(argv[i])); p += strlen(argv[i]); *p++ = ' '; } - strcpy(p, argv[i]); + strncpy(p, argv[i], strlen(argv[i])); alpm_logaction("Running '%s'\n", cl_text); free(cl_text); } diff --git a/src/pacman/query.c b/src/pacman/query.c index 6b6a25d..cb15852 100644 --- a/src/pacman/query.c +++ b/src/pacman/query.c @@ -326,7 +326,7 @@ static int check(pmpkg_t *pkg) pm_fprintf(stderr, PM_LOG_ERROR, _("root path too long\n")); return(1); } - strcpy(f, root); + strncpy(f, root, rootlen);
const char *pkgname = alpm_pkg_get_name(pkg); for(i = alpm_pkg_get_files(pkg); i; i = alpm_list_next(i)) { @@ -337,7 +337,7 @@ static int check(pmpkg_t *pkg) pm_fprintf(stderr, PM_LOG_WARNING, _("file path too long\n")); continue; } - strcpy(f + rootlen, path); + strncpy(f + rootlen, path, strlen(path)); allfiles++; /* use lstat to prevent errors from symlinks */ if(lstat(f, &st) != 0) { diff --git a/src/pacman/util.c b/src/pacman/util.c index f4e1756..4afed1c 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -352,7 +352,7 @@ char *strreplace(const char *str, const char *needle, const char *replace)
if(*p) { /* add the rest of 'p' */ - strcpy(newp, p); + strncpy(newp, p, strlen(p)); newp += strlen(p); } *newp = '\0';
Hi I am wrong or this change does not change nothing? All your changes are of this form: -strcpy(dst, src); +strncpy(dst, src, strlen(src)); So if the lenght of source is greater than destination, both always will do a bad job. Maybe you intented to say: +strncpy(dst, src, strlen(dst)); but this have another problem, so need at least another check, and or implement a strlcpy() from BSD Good Luck! -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D