Replaced all calls to str[n]cat and strncpy by calls to strlcat and strlcpy respectively
authormolivier <molivier@d7cf8633-e32d-0410-b094-e92efae38249>
Fri, 4 Aug 2006 11:37:32 +0000 (11:37 +0000)
committermolivier <molivier@d7cf8633-e32d-0410-b094-e92efae38249>
Fri, 4 Aug 2006 11:37:32 +0000 (11:37 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@6542 d7cf8633-e32d-0410-b094-e92efae38249

cl_video.c
common.h
csprogs.c
dpvsimpledecode.c
keys.c
menu.c
model_brush.c
mvm_cmds.c
prvm_cmds.c
prvm_edict.c

index 8ea468b..42c0496 100644 (file)
@@ -72,11 +72,11 @@ static qboolean WakeVideo( clvideo_t * video )
 
 static clvideo_t* OpenVideo( clvideo_t *video, const char *filename, const char *name, int owner )
 {
-       strncpy( video->filename, filename, MAX_QPATH );
+       strlcpy( video->filename, filename, sizeof(video->filename) );
        video->ownertag = owner;
        if( strncmp( name, CLVIDEOPREFIX, sizeof( CLVIDEOPREFIX ) - 1 ) )
                return NULL;
-       strncpy( video->cpif.name, name, MAX_QPATH );
+       strlcpy( video->cpif.name, name, sizeof(video->cpif.name) );
 
        if( !OpenStream( video ) )
                return NULL;
index cfff75b..1306776 100644 (file)
--- a/common.h
+++ b/common.h
@@ -228,6 +228,13 @@ char       *va(const char *format, ...);
 extern int dpsnprintf (char *buffer, size_t buffersize, const char *format, ...);
 extern int dpvsnprintf (char *buffer, size_t buffersize, const char *format, va_list args);
 
+// A bunch of functions are forbidden for security reasons (and also to please MSVS 2005, for some of them)
+#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT
+#define strncat DO_NOT_USE_STRNCAT__USE_STRLCAT_OR_MEMCPY
+//#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY
+#define strncpy DO_NOT_USE_STRNCPY__USE_STRLCPY_OR_MEMCPY
+//#define sprintf DO_NOT_USE_SPRINTF__USE_DPSNPRINTF
+
 
 //============================================================================
 
index 152b747..3309a5f 100644 (file)
--- a/csprogs.c
+++ b/csprogs.c
@@ -414,10 +414,10 @@ void CSQC_AddPrintText (const char *msg)
                        csqc_printtextbuf[0] = 0;
                }
                else
-                       strcat(csqc_printtextbuf, msg);
+                       strlcat(csqc_printtextbuf, msg, CSQC_PRINTBUFFERLEN);
                return;
        }
-       strcat(csqc_printtextbuf, msg);
+       strlcat(csqc_printtextbuf, msg, CSQC_PRINTBUFFERLEN);
        CL_VM_Parse_Print(csqc_printtextbuf);
        csqc_printtextbuf[0] = 0;
 }
index d17ced7..2853652 100644 (file)
@@ -392,13 +392,16 @@ void *dpvsimpledecode_open(char *filename, char **errorstring)
                                                        s->videopixels = (unsigned int *)Z_Malloc(s->info_imagewidth * s->info_imageheight * sizeof(*s->videopixels));
                                                        if (s->videopixels != NULL)
                                                        {
-                                                               wavename = (char *)Z_Malloc(strlen(filename) + 10);
+                                                               size_t namelen;
+                                                               
+                                                               namelen = strlen(filename) + 10;
+                                                               wavename = (char *)Z_Malloc(namelen);
                                                                if (wavename)
                                                                {
                                                                        sfx_t* sfx;
 
                                                                        StripExtension(filename, wavename);
-                                                                       strcat(wavename, ".wav");
+                                                                       strlcat(wavename, ".wav", namelen);
                                                                        sfx = S_PrecacheSound (wavename, false, false);
                                                                        if (sfx != NULL)
                                                                                s->sndchan = S_StartSound (-1, 0, sfx, vec3_origin, 1.0f, 0);
diff --git a/keys.c b/keys.c
index 93ddfad..e1831c7 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -280,7 +280,7 @@ Key_Console (int key, char ascii)
                        if (i > 0)
                        {
                                cbd[i]=0;
-                               strcat(key_lines[edit_line], cbd);
+                               strlcat(key_lines[edit_line], cbd, sizeof(key_lines[edit_line]));
                                key_linepos += i;
                        }
                        Z_Free(cbd);
diff --git a/menu.c b/menu.c
index 919adb0..bbe8869 100644 (file)
--- a/menu.c
+++ b/menu.c
@@ -2656,8 +2656,8 @@ static void M_Keys_Draw (void)
                                if (keys[j] != -1)
                                {
                                        if (j > 0)
-                                               strcat(keystring, " or ");
-                                       strcat(keystring, Key_KeynumToString (keys[j]));
+                                               strlcat(keystring, " or ", sizeof(keystring));
+                                       strlcat(keystring, Key_KeynumToString (keys[j]), sizeof(keystring));
                                }
                        }
                }
index c6caa6b..210caf5 100644 (file)
@@ -1678,7 +1678,7 @@ static void Mod_Q1BSP_ParseWadsFromEntityLump(const char *data)
                                                        k = value[i];
                                                        value[i] = 0;
                                                        strcpy(wadname, "textures/");
-                                                       strcat(wadname, &value[j]);
+                                                       strlcat(wadname, &value[j], sizeof(wadname));
                                                        W_LoadTextureWadFile(wadname, false);
                                                        j = i+1;
                                                        if (!k)
index 657568e..cdba429 100644 (file)
@@ -317,7 +317,7 @@ void VM_M_findkeysforcommand(void)
        M_FindKeysForCommand(cmd, keys);
 
        for(i = 0; i < NUMKEYS; i++)
-               ret = strcat(ret, va(" \'%i\'", keys[i]));
+               strlcat(ret, va(" \'%i\'", keys[i]), VM_STRINGTEMP_LENGTH);
 
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(ret);
 }
@@ -427,19 +427,19 @@ void VM_M_setserverlistmaskstring( void )
 
        switch( field ) {
                case SLIF_CNAME:
-                       strncpy( mask->info.cname, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.cname) );
+                       strlcpy( mask->info.cname, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.cname) );
                        break;
                case SLIF_NAME:
-                       strncpy( mask->info.name, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.name)  );
+                       strlcpy( mask->info.name, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.name)  );
                        break;
                case SLIF_MAP:
-                       strncpy( mask->info.map, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.map)  );
+                       strlcpy( mask->info.map, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.map)  );
                        break;
                case SLIF_MOD:
-                       strncpy( mask->info.mod, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.mod)  );
+                       strlcpy( mask->info.mod, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.mod)  );
                        break;
                case SLIF_GAME:
-                       strncpy( mask->info.game, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.game)  );
+                       strlcpy( mask->info.game, PRVM_G_STRING( OFS_PARM2 ), sizeof(mask->info.game)  );
                        break;
                default:
                        VM_Warning( "VM_M_setserverlistmaskstring: Bad field number %i passed!\n", field );
index f458102..c644fa0 100644 (file)
@@ -3621,17 +3621,13 @@ void VM_buf_implode (void)
                        l += strlen(b->strings[i]);
                        if(l>=4095)
                                break;
-                       k = strcat(k, b->strings[i]);
-                       if(!k)
-                               break;
+                       strlcat(k, b->strings[i], VM_STRINGTEMP_LENGTH);
                        if(sep && (i != b->num_strings-1))
                        {
                                l += strlen(sep);
                                if(l>=4095)
                                        break;
-                               k = strcat(k, sep);
-                               if(!k)
-                                       break;
+                               strlcat(k, sep, VM_STRINGTEMP_LENGTH);
                        }
                }
        PRVM_G_INT(OFS_RETURN) = PRVM_SetEngineString(k);
index 747e33c..cde6464 100644 (file)
@@ -607,10 +607,10 @@ void PRVM_ED_Print(prvm_edict_t *ed)
                        tempstring2[sizeof(tempstring2)-1] = 0;
                        name = tempstring2;
                }
-               strcat(tempstring, name);
+               strlcat(tempstring, name, sizeof(tempstring));
                for (l = strlen(name);l < 14;l++)
-                       strcat(tempstring, " ");
-               strcat(tempstring, " ");
+                       strlcat(tempstring, " ", sizeof(tempstring));
+               strlcat(tempstring, " ", sizeof(tempstring));
 
                name = PRVM_ValueString((etype_t)d->type, (prvm_eval_t *)v);
                if (strlen(name) > sizeof(tempstring2)-4)
@@ -620,8 +620,8 @@ void PRVM_ED_Print(prvm_edict_t *ed)
                        tempstring2[sizeof(tempstring2)-1] = 0;
                        name = tempstring2;
                }
-               strcat(tempstring, name);
-               strcat(tempstring, "\n");
+               strlcat(tempstring, name, sizeof(tempstring));
+               strlcat(tempstring, "\n", sizeof(tempstring));
                if (strlen(tempstring) >= sizeof(tempstring)/2)
                {
                        Con_Print(tempstring);
@@ -1616,32 +1616,32 @@ void PRVM_Fields_f (void)
                switch(d->type & ~DEF_SAVEGLOBAL)
                {
                case ev_string:
-                       strcat(tempstring, "string   ");
+                       strlcat(tempstring, "string   ", sizeof(tempstring));
                        break;
                case ev_entity:
-                       strcat(tempstring, "entity   ");
+                       strlcat(tempstring, "entity   ", sizeof(tempstring));
                        break;
                case ev_function:
-                       strcat(tempstring, "function ");
+                       strlcat(tempstring, "function ", sizeof(tempstring));
                        break;
                case ev_field:
-                       strcat(tempstring, "field    ");
+                       strlcat(tempstring, "field    ", sizeof(tempstring));
                        break;
                case ev_void:
-                       strcat(tempstring, "void     ");
+                       strlcat(tempstring, "void     ", sizeof(tempstring));
                        break;
                case ev_float:
-                       strcat(tempstring, "float    ");
+                       strlcat(tempstring, "float    ", sizeof(tempstring));
                        break;
                case ev_vector:
-                       strcat(tempstring, "vector   ");
+                       strlcat(tempstring, "vector   ", sizeof(tempstring));
                        break;
                case ev_pointer:
-                       strcat(tempstring, "pointer  ");
+                       strlcat(tempstring, "pointer  ", sizeof(tempstring));
                        break;
                default:
                        sprintf (tempstring2, "bad type %i ", d->type & ~DEF_SAVEGLOBAL);
-                       strcat(tempstring, tempstring2);
+                       strlcat(tempstring, tempstring2, sizeof(tempstring));
                        break;
                }
                if (strlen(name) > sizeof(tempstring2)-4)
@@ -1651,12 +1651,12 @@ void PRVM_Fields_f (void)
                        tempstring2[sizeof(tempstring2)-1] = 0;
                        name = tempstring2;
                }
-               strcat(tempstring, name);
+               strlcat(tempstring, name, sizeof(tempstring));
                for (j = (int)strlen(name);j < 25;j++)
-                       strcat(tempstring, " ");
+                       strlcat(tempstring, " ", sizeof(tempstring));
                sprintf(tempstring2, "%5d", counts[i]);
-               strcat(tempstring, tempstring2);
-               strcat(tempstring, "\n");
+               strlcat(tempstring, tempstring2, sizeof(tempstring));
+               strlcat(tempstring, "\n", sizeof(tempstring));
                if (strlen(tempstring) >= sizeof(tempstring)/2)
                {
                        Con_Print(tempstring);