Make strings safer

Signed-off-by: Rory Bradford <roryrjb@gmail.com>

6 files changed, 171 insertions, 13 deletions

diff --git a/Makefile b/Makefile
index 58b045d..7287b64 100644
--- a/Makefile
+++ b/Makefile
@@ -2,21 +2,25 @@
 
 BIN = rf
 VERSION = 0.0.5
-OBJS = rf.o ignore.o config.o
+OBJS = rf.o ignore.o config.o include/common/strl.o
 PREFIX = /usr/local
 CC = cc
+INCLUDE += -Iinclude/common
 CFLAGS = -std=c99 -pedantic -O2 \
 	  -Wall -Wextra -Wsign-compare \
 	  -fstack-protector-strong -fpie \
 	  -D_FORTIFY_SOURCE=2 \
 	  -DVERSION='"$(VERSION)"' \
-	  -DNAME='"$(BIN)"'
+	  $(INCLUDE)
 
 all: $(BIN)
 
 $(BIN): $(OBJS)
 	$(CC) $(CFLAGS) -o $(BIN) $(OBJS)
 
+static: $(OBJS)
+	$(CC) $(CFLAGS) -static -o $(BIN) $(OBJS)
+
 rf.1: rf.1.scd
 	scdoc < $< > $@
 
@@ -37,4 +41,5 @@ install: $(BIN) rf.1 rfignore.5 rfconfig.5
 	install -m444 rfconfig.5 $(DESTDIR)$(PREFIX)/man/man5/
 
 clean:
-	rm -vf $(BIN) *.o *.1 *.5
+	@rm -vf $(BIN) *.1 *.5
+	@find . -name \*.o -exec rm -v {} +
diff --git a/include/common/banned.h b/include/common/banned.h
new file mode 100644
index 0000000..a3d1883
--- /dev/null
+++ b/include/common/banned.h
@@ -0,0 +1,45 @@
+#ifndef BANNED_H
+#define BANNED_H
+
+/*
+ * This header lists functions that have been banned from our code base,
+ * because they're too easy to misuse (and even if used correctly,
+ * complicate audits). Including this header turns them into compile-time
+ * errors.
+ */
+
+#define BANNED(func) sorry_##func##_is_a_banned_function
+
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+#undef strncat
+#define strncat(x,y,n) BANNED(strncat)
+
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(vsprintf)
+#endif
+
+#undef gmtime
+#define gmtime(t) BANNED(gmtime)
+#undef localtime
+#define localtime(t) BANNED(localtime)
+#undef ctime
+#define ctime(t) BANNED(ctime)
+#undef ctime_r
+#define ctime_r(t, buf) BANNED(ctime_r)
+#undef asctime
+#define asctime(t) BANNED(asctime)
+#undef asctime_r
+#define asctime_r(t, buf) BANNED(asctime_r)
+
+#endif /* BANNED_H */
\ No newline at end of file
diff --git a/include/common/common.h b/include/common/common.h
new file mode 100644
index 0000000..2061ff7
--- /dev/null
+++ b/include/common/common.h
@@ -0,0 +1,2 @@
+#include "banned.h"
+#include "strl.h"
diff --git a/include/common/strl.c b/include/common/strl.c
new file mode 100644
index 0000000..6c477ae
--- /dev/null
+++ b/include/common/strl.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1998, 2015 Todd C. Miller <millert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#if !defined(BSD)
+
+#include "strl.h"
+
+/*
+ * Copy string src to buffer dst of size dsize.  At most dsize-1
+ * chars will be copied.  Always NUL terminates (unless dsize == 0).
+ * Returns strlen(src); if retval >= dsize, truncation occurred.
+ */
+size_t strlcpy(char *dst, const char *src, size_t dsize) {
+	const char *osrc = src;
+	size_t nleft = dsize;
+
+	/* Copy as many bytes as will fit. */
+	if (nleft != 0) {
+		while (--nleft != 0) {
+			if ((*dst++ = *src++) == '\0')
+				break;
+		}
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src. */
+	if (nleft == 0) {
+		if (dsize != 0)
+			*dst = '\0'; /* NUL-terminate dst */
+		while (*src++)
+			;
+	}
+
+	return (src - osrc - 1); /* count does not include NUL */
+}
+
+/*
+ * Appends src to string dst of size dsize (unlike strncat, dsize is the
+ * full size of dst, not space left).  At most dsize-1 characters
+ * will be copied.  Always NUL terminates (unless dsize <= strlen(dst)).
+ * Returns strlen(src) + MIN(dsize, strlen(initial dst)).
+ * If retval >= dsize, truncation occurred.
+ */
+size_t strlcat(char *dst, const char *src, size_t dsize) {
+	const char *odst = dst;
+	const char *osrc = src;
+	size_t n = dsize;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end. */
+	while (n-- != 0 && *dst != '\0')
+		dst++;
+	dlen = dst - odst;
+	n = dsize - dlen;
+
+	if (n-- == 0)
+		return (dlen + strlen(src));
+	while (*src != '\0') {
+		if (n != 0) {
+			*dst++ = *src;
+			n--;
+		}
+		src++;
+	}
+	*dst = '\0';
+
+	return (dlen + (src - osrc)); /* count does not include NUL */
+}
+
+#endif
\ No newline at end of file
diff --git a/include/common/strl.h b/include/common/strl.h
new file mode 100644
index 0000000..099f0db
--- /dev/null
+++ b/include/common/strl.h
@@ -0,0 +1,5 @@
+#include <string.h>
+#include <sys/types.h>
+
+size_t strlcpy(char *dst, const char *src, size_t dsize);
+size_t strlcat(char *dst, const char *src, size_t dsize);
\ No newline at end of file
diff --git a/rf.c b/rf.c
index d2d18aa..1f51598 100644
--- a/rf.c
+++ b/rf.c
@@ -17,6 +17,11 @@
 
 #include "config.h"
 #include "ignore.h"
+#include "include/common/common.h"
+
+#define IGNORE "ignore"
+#define CONFIG "config"
+#define RFIGNORE "rfignore"
 
 extern char *__progname;
 
@@ -96,7 +101,7 @@ static int recurse_find(char **patterns, int *pattern_count,
 	DIR *dir;
 
 	char path[MAXPATHLEN] = {'\0'};
-	strcat(path, dirname);
+	strlcat(path, dirname, MAXPATHLEN);
 	dir = opendir(path);
 
 	if (dir != NULL && !excluded(dirname)) {
@@ -107,13 +112,13 @@ static int recurse_find(char **patterns, int *pattern_count,
 			int p = 0;
 
 			char full_path[MAXPATHLEN] = {'\0'};
-			strcat(full_path, path);
+			strlcat(full_path, path, MAXPATHLEN);
 
 			if (full_path[strlen(full_path) - 1] != '/') {
-				strcat(full_path, "/");
+				strlcat(full_path, "/", MAXPATHLEN);
 			}
 
-			strcat(full_path, entry->d_name);
+			strlcat(full_path, entry->d_name, MAXPATHLEN);
 
 			struct stat entry_stat;
 
@@ -256,9 +261,13 @@ int main(int argc, char **argv) {
 						 : (strlen(cwd) + strlen(".rfignore") + 1)];
 
 	if (xdg_config_home) {
-		sprintf(config_file, "%s/rf/%s", xdg_config_home, "config");
+		const char *pattern = "%s/rf/%s";
+		int len = (strlen(pattern) + strlen(xdg_config_home) + strlen(CONFIG));
+		snprintf(config_file, len, pattern, xdg_config_home, CONFIG);
 	} else {
-		sprintf(config_file, "%s/.config/rf/%s", home, "config");
+		const char *pattern = "%s/.config/rf/%s";
+		int len = (strlen(pattern) + strlen(home) + strlen(CONFIG));
+		snprintf(config_file, len, pattern, home, CONFIG);
 	}
 
 	fp = fopen(override_config_file ? override_config_file : config_file, "r");
@@ -320,13 +329,23 @@ int main(int argc, char **argv) {
 									  3)
 								: (strlen(cwd) + strlen(".rfignore") + 1)];
 	char local_ignore_path[strlen(cwd) + strlen(".rfignore") + 1];
-	sprintf(global_ignore_path, "%s/%s", home, ".rfignore");
-	sprintf(local_ignore_path, "%s/%s", cwd, ".rfignore");
+
+	const char *pattern = "%s/%s";
+	snprintf(global_ignore_path,
+		(strlen(pattern) + strlen(home) + strlen(RFIGNORE)), pattern, home,
+		RFIGNORE);
+	snprintf(local_ignore_path,
+		(strlen(pattern) + strlen(cwd) + strlen(RFIGNORE)), pattern, cwd,
+		RFIGNORE);
 
 	if (xdg_config_home) {
-		sprintf(config_ignore_path, "%s/rf/%s", xdg_config_home, "ignore");
+		const char *pattern = "%s/rf/%s";
+		int len = (strlen(pattern) + strlen(xdg_config_home) + strlen(IGNORE));
+		snprintf(config_ignore_path, len, pattern, xdg_config_home, IGNORE);
 	} else {
-		sprintf(config_ignore_path, "%s/.config/rf/%s", home, "ignore");
+		const char *pattern = "%s/.config/rf/%s";
+		int len = (strlen(pattern) + strlen(home) + strlen(IGNORE));
+		snprintf(config_ignore_path, len, pattern, home, IGNORE);
 	}
 
 	global_ignores = init_ignores(global_ignore_path);