about summary refs log tree commit diff stats
path: root/include/common
diff options
context:
space:
mode:
authorRory Bradford <roryrjb@gmail.com>2021-03-06 14:46:31 +0000
committerRory Bradford <roryrjb@gmail.com>2021-03-06 14:46:31 +0000
commit249d2cf01750feaad1dd7bc29a0a998da7017052 (patch)
treed9b49740d922f7487c68fdca4cc85ff6cd9dbd15 /include/common
parenta40bd8adb20715582813fb8399dd37e4efee9b37 (diff)
downloadrf-249d2cf01750feaad1dd7bc29a0a998da7017052.tar.gz
Make strings safer
Signed-off-by: Rory Bradford <roryrjb@gmail.com>
Diffstat (limited to 'include/common')
-rw-r--r--include/common/banned.h45
-rw-r--r--include/common/common.h2
-rw-r--r--include/common/strl.c82
-rw-r--r--include/common/strl.h5
4 files changed, 134 insertions, 0 deletions
diff --git a/include/common/banned.h b/include/common/banned.h
new file mode 100644
index 0000000..a3d1883
--- /dev/null
+++ b/include/common/banned.h
@@ -0,0 +1,45 @@
+#ifndef BANNED_H
+#define BANNED_H
+
+/*
+ * This header lists functions that have been banned from our code base,
+ * because they're too easy to misuse (and even if used correctly,
+ * complicate audits). Including this header turns them into compile-time
+ * errors.
+ */
+
+#define BANNED(func) sorry_##func##_is_a_banned_function
+
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+#undef strncat
+#define strncat(x,y,n) BANNED(strncat)
+
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(vsprintf)
+#endif
+
+#undef gmtime
+#define gmtime(t) BANNED(gmtime)
+#undef localtime
+#define localtime(t) BANNED(localtime)
+#undef ctime
+#define ctime(t) BANNED(ctime)
+#undef ctime_r
+#define ctime_r(t, buf) BANNED(ctime_r)
+#undef asctime
+#define asctime(t) BANNED(asctime)
+#undef asctime_r
+#define asctime_r(t, buf) BANNED(asctime_r)
+
+#endif /* BANNED_H */
\ No newline at end of file
diff --git a/include/common/common.h b/include/common/common.h
new file mode 100644
index 0000000..2061ff7
--- /dev/null
+++ b/include/common/common.h
@@ -0,0 +1,2 @@
+#include "banned.h"
+#include "strl.h"
diff --git a/include/common/strl.c b/include/common/strl.c
new file mode 100644
index 0000000..6c477ae
--- /dev/null
+++ b/include/common/strl.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1998, 2015 Todd C. Miller <millert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#if !defined(BSD)
+
+#include "strl.h"
+
+/*
+ * Copy string src to buffer dst of size dsize.  At most dsize-1
+ * chars will be copied.  Always NUL terminates (unless dsize == 0).
+ * Returns strlen(src); if retval >= dsize, truncation occurred.
+ */
+size_t strlcpy(char *dst, const char *src, size_t dsize) {
+	const char *osrc = src;
+	size_t nleft = dsize;
+
+	/* Copy as many bytes as will fit. */
+	if (nleft != 0) {
+		while (--nleft != 0) {
+			if ((*dst++ = *src++) == '\0')
+				break;
+		}
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src. */
+	if (nleft == 0) {
+		if (dsize != 0)
+			*dst = '\0'; /* NUL-terminate dst */
+		while (*src++)
+			;
+	}
+
+	return (src - osrc - 1); /* count does not include NUL */
+}
+
+/*
+ * Appends src to string dst of size dsize (unlike strncat, dsize is the
+ * full size of dst, not space left).  At most dsize-1 characters
+ * will be copied.  Always NUL terminates (unless dsize <= strlen(dst)).
+ * Returns strlen(src) + MIN(dsize, strlen(initial dst)).
+ * If retval >= dsize, truncation occurred.
+ */
+size_t strlcat(char *dst, const char *src, size_t dsize) {
+	const char *odst = dst;
+	const char *osrc = src;
+	size_t n = dsize;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end. */
+	while (n-- != 0 && *dst != '\0')
+		dst++;
+	dlen = dst - odst;
+	n = dsize - dlen;
+
+	if (n-- == 0)
+		return (dlen + strlen(src));
+	while (*src != '\0') {
+		if (n != 0) {
+			*dst++ = *src;
+			n--;
+		}
+		src++;
+	}
+	*dst = '\0';
+
+	return (dlen + (src - osrc)); /* count does not include NUL */
+}
+
+#endif
\ No newline at end of file
diff --git a/include/common/strl.h b/include/common/strl.h
new file mode 100644
index 0000000..099f0db
--- /dev/null
+++ b/include/common/strl.h
@@ -0,0 +1,5 @@
+#include <string.h>
+#include <sys/types.h>
+
+size_t strlcpy(char *dst, const char *src, size_t dsize);
+size_t strlcat(char *dst, const char *src, size_t dsize);
\ No newline at end of file