author | Rory Bradford <roryrjb@gmail.com> | 2021-03-06 14:46:31 +0000 |
committer | Rory Bradford <roryrjb@gmail.com> | 2021-03-06 14:46:31 +0000 |
commit | 249d2cf01750feaad1dd7bc29a0a998da7017052 (patch) | |
tree | d9b49740d922f7487c68fdca4cc85ff6cd9dbd15 /include | |
parent | a40bd8adb20715582813fb8399dd37e4efee9b37 (diff) | |
download | rf-249d2cf01750feaad1dd7bc29a0a998da7017052.tar.gz |
Make strings safer
Signed-off-by: Rory Bradford <roryrjb@gmail.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/common/banned.h | 45 | ||||
-rw-r--r-- | include/common/common.h | 2 | ||||
-rw-r--r-- | include/common/strl.c | 82 | ||||
-rw-r--r-- | include/common/strl.h | 5 |
4 files changed, 134 insertions, 0 deletions
diff --git a/include/common/banned.h b/include/common/banned.h
new file mode 100644
index 0000000..a3d1883
--- /dev/null
+++ b/include/common/banned.h
@@ -0,0 +1,45 @@
+#ifndef BANNED_H
+#define BANNED_H
+
+/*
+ * This header lists functions that have been banned from our code base,
+ * because they're too easy to misuse (and even if used correctly,
+ * complicate audits). Including this header turns them into compile-time
+ * errors.
+ */
+
+#define BANNED(func) sorry_##func##_is_a_banned_function
+
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+#undef strncat
+#define strncat(x,y,n) BANNED(strncat)
+
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(vsprintf)
+#endif
+
+#undef gmtime
+#define gmtime(t) BANNED(gmtime)
+#undef localtime
+#define localtime(t) BANNED(localtime)
+#undef ctime
+#define ctime(t) BANNED(ctime)
+#undef ctime_r
+#define ctime_r(t, buf) BANNED(ctime_r)
+#undef asctime
+#define asctime(t) BANNED(asctime)
+#undef asctime_r
+#define asctime_r(t, buf) BANNED(asctime_r)
+
+#endif /* BANNED_H */
\ No newline at end of file
diff --git a/include/common/common.h b/include/common/common.h
new file mode 100644
index 0000000..2061ff7
--- /dev/null
+++ b/include/common/common.h
@@ -0,0 +1,2 @@
+#include "banned.h"
+#include "strl.h"
diff --git a/include/common/strl.c b/include/common/strl.c
new file mode 100644
index 0000000..6c477ae
--- /dev/null
+++ b/include/common/strl.c
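Review bot: The macros are only safe if every library header that declares these functions has already been parsed, and the header comment (lines 4–9 of the hunk) does not say so; a <string.h>, <stdio.h> or <time.h> included after this file sees its own prototypes rewritten to `sorry_strcpy_is_a_banned_function` and the like, which yields bogus extern declarations at best and, on a libc that wraps these functions in fortify inline definitions, is likely to fail to compile. I would add to the header comment: `Include this header LAST, after every system header: the macros must not be in effect while <string.h>, <stdio.h> or <time.h> are parsed.` It is also worth stating that the ban only covers translation units that include this header, so it is a convention enforced by the include discipline rather than by the linker.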
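Review bot: The include order in this file works against the ban it sets up: banned.h is included first and strl.h then pulls in <string.h>, so unless the including .c file has already included <string.h> itself, the library prototypes for `strcpy`, `strcat`, `strncpy` and `strncat` are parsed with those names already defined as macros and get mangled, instead of the call sites being rejected. Swapping the two lines, `#include "strl.h"` followed by `#include "banned.h"`, parses the library declarations first; any .c file that needs <stdio.h> or <time.h> must likewise include them before common.h. A one-line comment such as `/* banned.h must stay last: it redefines libc names */` would keep the order from being reshuffled later.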
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1998, 2015 Todd C. Miller <millert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#if !defined(BSD)
+
+#include "strl.h"
+
+/*
+ * Copy string src to buffer dst of size dsize. At most dsize-1
+ * chars will be copied. Always NUL terminates (unless dsize == 0).
+ * Returns strlen(src); if retval >= dsize, truncation occurred.
+ */
+size_t strlcpy(char *dst, const char *src, size_t dsize) {
+ const char *osrc = src;
+ size_t nleft = dsize;
+
+ /* Copy as many bytes as will fit. */
+ if (nleft != 0) {
+ while (--nleft != 0) {
+ if ((*dst++ = *src++) == '\0')
+ break;
+ }
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src. */
+ if (nleft == 0) {
+ if (dsize != 0)
+ *dst = '\0'; /* NUL-terminate dst */
+ while (*src++)
+ ;
+ }
+
+ return (src - osrc - 1); /* count does not include NUL */
+}
+
+/*
+ * Appends src to string dst of size dsize (unlike strncat, dsize is the
+ * full size of dst, not space left). At most dsize-1 characters
+ * will be copied. Always NUL terminates (unless dsize <= strlen(dst)).
+ * Returns strlen(src) + MIN(dsize, strlen(initial dst)).
+ * If retval >= dsize, truncation occurred.
+ */
+size_t strlcat(char *dst, const char *src, size_t dsize) {
+ const char *odst = dst;
+ const char *osrc = src;
+ size_t n = dsize;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end. */
+ while (n-- != 0 && *dst != '\0')
+ dst++;
+ dlen = dst - odst;
+ n = dsize - dlen;
+
+ if (n-- == 0)
+ return (dlen + strlen(src));
+ while (*src != '\0') {
+ if (n != 0) {
+ *dst++ = *src;
+ n--;
+ }
+ src++;
+ }
+ *dst = '\0';
+
+ return (dlen + (src - osrc)); /* count does not include NUL */
+}
+
+#endif
\ No newline at end of file
diff --git a/include/common/strl.h b/include/common/strl.h
new file mode 100644
index 0000000..099f0db
--- /dev/null
+++ b/include/common/strl.h
@@ -0,0 +1,5 @@
+#include <string.h>
+#include <sys/types.h>
+
+size_t strlcpy(char *dst, const char *src, size_t dsize);
+size_t strlcat(char *dst, const char *src, size_t dsize);
\ No newline at end of file |
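Review bot: The `#if !defined(BSD)` guard at the top of this hunk keys off a macro that nothing in the diff defines: on the BSDs and macOS `BSD` comes from <sys/param.h>, and strl.h includes only <string.h> and <sys/types.h>, so the guard presumably never fires unless the build passes -DBSD, and on a libc that already ships strlcpy/strlcat (the BSDs, macOS, recent glibc) this file then redefines them, which depending on how the libc declares or fortify-wraps them can be a hard error. Either `#include <sys/param.h>` ahead of the test, or guard on a macro the build system sets after probing for the function, e.g. `#if !defined(HAVE_STRLCPY)`, and document in the comment which one the build is expected to provide. The function bodies are the unmodified OpenBSD implementations and look correct; note for callers that strlcat's `*dst = '\0'` store relies on the existing contents of dst being NUL-terminated within dsize, as the comment above it says.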
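Review bot: strl.h has no include guard and says nothing about the contract that matters at the call site: that `dsize` is the full size of `dst` and that a return value `>= dsize` means the result was truncated. I would wrap the file in `#ifndef STRL_H` / `#define STRL_H` / `#endif` and put a short comment above the two prototypes stating the truncation rule, so callers check the return value instead of assuming the copy succeeded. <sys/types.h> is not needed for `size_t`; <string.h> already provides it.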