From 44feb080fdc72eca2a9c6bb2c2dae111878cd2e4 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 16 Jun 2014 15:30:29 -0700 Subject: [PATCH] [v9_10] null terminate strings for coverity --- bin/dig/dig.c | 3 +++ bin/tests/system/dlzexternal/driver.c | 6 ++++++ contrib/dlz/example/dlz_example.c | 6 ++++++ lib/dns/gen.c | 16 +++++++++++++++- lib/dns/rcode.c | 8 +++++--- lib/lwres/getaddrinfo.c | 4 ++++ 6 files changed, 39 insertions(+), 4 deletions(-) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 52bbec3e9a..3047045749 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1124,6 +1124,8 @@ plus_option(char *option, isc_boolean_t is_batchfile, if (value != NULL) { n = strlcpy(sitvalue, value, sizeof(sitvalue)); + sitvalue[sizeof(sitvalue) - 1] = '\0'; + if (n >= sizeof(sitvalue)) fatal("SIT data too large"); lookup->sitvalue = sitvalue; @@ -1545,6 +1547,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { strncpy((*lookup)->textname, textname, sizeof((*lookup)->textname)); + (*lookup)->textname[sizeof((*lookup)->textname)-1] = 0; debug("looking up %s", (*lookup)->textname); (*lookup)->trace_root = ISC_TF((*lookup)->trace || (*lookup)->ns_search_only); diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c index 4828b91481..c74b480f35 100644 --- a/bin/tests/system/dlzexternal/driver.c +++ b/bin/tests/system/dlzexternal/driver.c @@ -133,8 +133,14 @@ add_name(struct dlz_example_data *state, struct record *list, return (ISC_R_NOSPACE); strncpy(list[i].name, name, sizeof(list[i].name)); + list[i].name[sizeof(list[i].name) - 1] = '\0'; + strncpy(list[i].type, type, sizeof(list[i].type)); + list[i].type[sizeof(list[i].type) - 1] = '\0'; + strncpy(list[i].data, data, sizeof(list[i].data)); + list[i].data[sizeof(list[i].data) - 1] = '\0'; + list[i].ttl = ttl; return (ISC_R_SUCCESS); 
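Review bot: The added `sitvalue[sizeof(sitvalue) - 1] = '\0';` in plus_option has no runtime effect, because strlcpy() always terminates the destination when the size is nonzero, and truncation is already caught by the `n >= sizeof(sitvalue)` check that follows. Since the store exists only to quiet the analyzer, I would say so next to it, e.g. `/* strlcpy() already terminates; this store is only for Coverity */`, so a later reader does not take it as a sign that strlcpy() can leave the buffer unterminated. plus_option's body begins and ends outside the hunk.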
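Review bot: The terminator added after the strncpy() into `(*lookup)->textname` in dash_option turns an overlong name into a silently truncated one, and the lookup then proceeds with the shortened name. Whether the local `textname` can exceed the destination is not visible in this hunk; if it can, rejecting the input is safer than querying a different name, for example `if (strlen(textname) >= sizeof((*lookup)->textname)) fatal("name too long");` before the copy. As a style point, the rest of the patch writes `- 1] = '\0'` while this line uses `-1] = 0`. The enclosing function starts and ends outside the hunk.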
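Review bot: In add_name the three strncpy() calls now always leave `name`, `type` and `data` terminated, but an input longer than its field is stored truncated and the function still returns ISC_R_SUCCESS, so the record kept in the list can differ from what the caller asked to add. The function already returns ISC_R_NOSPACE just above the copies; a length check before them, e.g. `if (strlen(name) >= sizeof(list[i].name) || strlen(type) >= sizeof(list[i].type) || strlen(data) >= sizeof(list[i].data)) return (ISC_R_NOSPACE);`, would report the problem instead of hiding it. The same applies to the identical add_name hunk in contrib/dlz/example/dlz_example.c, which is example code that driver authors are likely to copy. The function body begins outside the hunk.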
diff --git a/contrib/dlz/example/dlz_example.c b/contrib/dlz/example/dlz_example.c index 97f188ebf4..004d534352 100644 --- a/contrib/dlz/example/dlz_example.c +++ b/contrib/dlz/example/dlz_example.c @@ -121,8 +121,14 @@ add_name(struct dlz_example_data *state, struct record *list, return (ISC_R_NOSPACE); strncpy(list[i].name, name, sizeof(list[i].name)); + list[i].name[sizeof(list[i].name) - 1] = '\0'; + strncpy(list[i].type, type, sizeof(list[i].type)); + list[i].type[sizeof(list[i].type) - 1] = '\0'; + strncpy(list[i].data, data, sizeof(list[i].data)); + list[i].data[sizeof(list[i].data) - 1] = '\0'; + list[i].ttl = ttl; return (ISC_R_SUCCESS); diff --git a/lib/dns/gen.c b/lib/dns/gen.c index b934c9990f..4fea096c35 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -331,15 +331,20 @@ insert_into_typenames(int type, const char *typename, const char *attr) { exit(1); } + /* XXXMUKS: This is redundant due to the INSIST above. */ if (strlen(typename) > sizeof(ttn->typename) - 1) { fprintf(stderr, "Error: type name %s is too long\n", typename); exit(1); } + strncpy(ttn->typename, typename, sizeof(ttn->typename)); - ttn->type = type; + ttn->typename[sizeof(ttn->typename) - 1] = '\0'; strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname)); + ttn->macroname[sizeof(ttn->macroname) - 1] = '\0'; + + ttn->type = type; c = strlen(ttn->macroname); while (c > 0) { if (ttn->macroname[c - 1] == '-') @@ -365,7 +370,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) { attr, typename); exit(1); } + strncpy(ttn->attr, attr, sizeof(ttn->attr)); + ttn->attr[sizeof(ttn->attr) - 1] = '\0'; + ttn->sorted = 0; if (maxtype < type) maxtype = type; 
@@ -394,11 +402,17 @@ add(int rdclass, const char *classname, int type, const char *typename, newtt->next = NULL; newtt->rdclass = rdclass; newtt->type = type; + strncpy(newtt->classname, classname, sizeof(newtt->classname)); + newtt->classname[sizeof(newtt->classname) - 1] = '\0'; + strncpy(newtt->typename, typename, sizeof(newtt->typename)); + newtt->typename[sizeof(newtt->typename) - 1] = '\0'; + if (strncmp(dirname, "./", 2) == 0) dirname += 2; strncpy(newtt->dirname, dirname, sizeof(newtt->dirname)); + newtt->dirname[sizeof(newtt->dirname) - 1] = '\0'; tt = types; oldtt = NULL; diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index 5e17a44ed6..0b74744d96 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -224,11 +224,13 @@ maybe_numeric(unsigned int *valuep, isc_textregion_t *source, return (ISC_R_BADNUMBER); /* - * We have a potential number. Try to parse it with - * isc_parse_uint32(). isc_parse_uint32() requires + * We have a potential number. Try to parse it with + * isc_parse_uint32(). isc_parse_uint32() requires * null termination, so we must make a copy. */ - strncpy(buffer, source->base, NUMBERSIZE); + strncpy(buffer, source->base, sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + INSIST(buffer[source->length] == '\0'); result = isc_parse_uint32(&n, buffer, 10); diff --git a/lib/lwres/getaddrinfo.c b/lib/lwres/getaddrinfo.c index 1ebafd85a6..43211fd07c 100644 --- a/lib/lwres/getaddrinfo.c +++ b/lib/lwres/getaddrinfo.c @@ -706,12 +706,16 @@ get_local(const char *name, int socktype, struct addrinfo **res) { if (socktype == 0) return (EAI_SOCKTYPE); + if (strlen(name) >= sizeof(slocal->sun_path)) + return (EAI_OVERFLOW); + ai = ai_alloc(AF_LOCAL, sizeof(*slocal)); if (ai == NULL) return (EAI_MEMORY); slocal = SLOCAL(ai->ai_addr); strncpy(slocal->sun_path, name, sizeof(slocal->sun_path)); + slocal->sun_path[sizeof(slocal->sun_path) - 1] = '\0'; ai->ai_socktype = socktype; /*
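Review bot: The copies into `newtt->classname`, `newtt->typename` and `newtt->dirname` in add() are terminated now, but no length check is visible before them, so an overlong class, type or directory name is truncated without any message. insert_into_typenames in the same file exits with an error for an overlong type name or attribute, and add() could follow that pattern, for example `if (strlen(dirname) >= sizeof(newtt->dirname)) { fprintf(stderr, "Error: directory name %s is too long\n", dirname); exit(1); }` after the `./` prefix is skipped. A truncated dirname would presumably make the generator refer to the wrong path rather than fail. add() starts and ends outside the hunk, so a check may already exist above it.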
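Review bot: The strncpy() in maybe_numeric is bounded by `sizeof(buffer)` rather than by `source->length`, so it reads from `source->base` until it finds a NUL or fills the buffer, which can run past the end of the text region when the region is not NUL-terminated. In that case `buffer[source->length]` holds whatever followed the region, and the INSIST aborts the process instead of returning an error to the caller. If the check that ends just above the hunk guarantees `source->length < sizeof(buffer)` (it is not visible here), copying exactly the region avoids both problems: `memcpy(buffer, source->base, source->length);` followed by `buffer[source->length] = '\0';`. The function starts and ends outside the hunk.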