Pedantic removal of strcpy that mostly
serves to make it easier to find and remove other
unsafe (buffer overflow prone) uses of strcpy.

To apply:

cd pmacct-0.11.5
patch -p1 < strlcpy.patch


Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
diff -ruN pmacct-0.11.5/src/pmacctd.c pmacct-0.11.5-patched/src/pmacctd.c
--- pmacct-0.11.5/src/pmacctd.c	Wed Feb 18 04:19:05 2009
+++ pmacct-0.11.5-patched/src/pmacctd.c	Wed Feb 18 15:39:20 2009
@@ -135,106 +135,106 @@
     cfg_cmdline[rows] = malloc(SRVBUFLEN);
     switch (cp) {
     case 'P':
-      strcpy(cfg_cmdline[rows], "plugins: ");
+      strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'D':
-      strcpy(cfg_cmdline[rows], "daemonize: true");
+      strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
       rows++;
       break;
     case 'd':
       debug = TRUE;
-      strcpy(cfg_cmdline[rows], "debug: true");
+      strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
       rows++;
       break;
     case 'n':
-      strcpy(cfg_cmdline[rows], "networks_file: ");
+      strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'o':
-      strcpy(cfg_cmdline[rows], "ports_file: ");
+      strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break; 
     case 'N':
-      strcpy(cfg_cmdline[rows], "promisc: false");
+      strlcpy(cfg_cmdline[rows], "promisc: false", SRVBUFLEN);
       rows++;
       break;
     case 'f':
       strlcpy(config_file, optarg, sizeof(config_file));
       break;
     case 'F':
-      strcpy(cfg_cmdline[rows], "pidfile: ");
+      strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'c':
-      strcpy(cfg_cmdline[rows], "aggregate: ");
+      strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'b':
-      strcpy(cfg_cmdline[rows], "imt_buckets: ");
+      strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'm':
-      strcpy(cfg_cmdline[rows], "imt_mem_pools_number: ");
+      strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       have_num_memory_pools = TRUE;
       rows++;
       break;
     case 'p':
-      strcpy(cfg_cmdline[rows], "imt_path: ");
+      strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'r':
-      strcpy(cfg_cmdline[rows], "sql_refresh_time: ");
+      strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       cfg_cmdline[rows] = malloc(SRVBUFLEN);
-      strcpy(cfg_cmdline[rows], "print_refresh_time: ");
+      strlcpy(cfg_cmdline[rows], "print_refresh_time: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'v':
-      strcpy(cfg_cmdline[rows], "sql_table_version: ");
+      strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 's':
-      strcpy(cfg_cmdline[rows], "imt_mem_pools_size: ");
+      strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'S':
-      strcpy(cfg_cmdline[rows], "syslog: ");
+      strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'i':
-      strcpy(cfg_cmdline[rows], "interface: ");
+      strlcpy(cfg_cmdline[rows], "interface: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'I':
-      strcpy(cfg_cmdline[rows], "pcap_savefile: ");
+      strlcpy(cfg_cmdline[rows], "pcap_savefile: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
     case 'w':
-      strcpy(cfg_cmdline[rows], "interface_wait: true");
+      strlcpy(cfg_cmdline[rows], "interface_wait: true", SRVBUFLEN);
       rows++;
       break;
     case 'W':
-      strcpy(cfg_cmdline[rows], "savefile_wait: true");
+      strlcpy(cfg_cmdline[rows], "savefile_wait: true", SRVBUFLEN);
       rows++;
       break;
     case 'L':
-      strcpy(cfg_cmdline[rows], "snaplen: ");
+      strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN);
       strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
       rows++;
       break;
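Review bot: The length-sensitive copy in these cases is still the `strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]))` that follows each new `strlcpy`, on every case that takes an argument ('P', 'n', 'o', 'F', 'c', 'b', 'm', 'p', 'r', 'v', 's', 'S', 'i', 'I', 'L'), and the patch leaves it unchanged. strncat's count excludes the terminating NUL, so if CFG_LINE_LEN (defined outside this hunk) yields the remaining space without reserving one byte, an over-long optarg puts the terminator one byte past the SRVBUFLEN allocation. One bounded call per case, e.g. `snprintf(cfg_cmdline[rows], SRVBUFLEN, "plugins: %s", optarg);`, would drop the dependency on that macro and make truncation detectable from the return value. The two `malloc(SRVBUFLEN)` results visible here (before the switch and inside case 'r') are also written through with no NULL check, which should be added before the copy. The switch and its enclosing function start and end outside the hunk.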
