Various string buffer size checks

Change-Id: I39a757599ddd78fd121bf5446cba7fa5ee5ee710
Signed-off-by: Michal Bloch <m.bloch@samsung.com>

diff --git a/external/sd-daemon/sd-daemon.c b/external/sd-daemon/sd-daemon.c
index 7743c39..2e56263 100644 (file)
--- a/external/sd-daemon/sd-daemon.c
+++ b/external/sd-daemon/sd-daemon.c
@@ -456,7 +456,8 @@ _sd_export_ int sd_notify(int unset_environment, const char *state)
 
        memset(&sockaddr, 0, sizeof(sockaddr));
        sockaddr.sa.sa_family = AF_UNIX;
-       strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
+       strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path) - 1);
+       // null-terminated through the memset above
 
        if (sockaddr.un.sun_path[0] == '@')
                sockaddr.un.sun_path[0] = 0;

diff --git a/src/libdlog/log_pipe.c b/src/libdlog/log_pipe.c
index 789154d..a0be0e0 100644 (file)
--- a/src/libdlog/log_pipe.c
+++ b/src/libdlog/log_pipe.c
@@ -40,7 +40,8 @@ static int connect_pipe(const char * path)
        if (fd < 0)
                return -errno;
 
-       strncpy(sa.sun_path, path, sizeof(sa.sun_path));
+       strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
+       sa.sun_path[sizeof sa.sun_path - 1] = '\0';
 
        r = connect(fd, (struct sockaddr *) &sa, sizeof(sa));
        if (r < 0) {

diff --git a/src/shared/fdi_pipe.c b/src/shared/fdi_pipe.c
index 6fda08b..b9c9edf 100644 (file)
--- a/src/shared/fdi_pipe.c
+++ b/src/shared/fdi_pipe.c
@@ -137,6 +137,7 @@ static int send_logger_request(dlogutil_filter_options_s *filters, int dump, int
 
        strncat(request_string, single_option, needed);
        len += needed;
+       request_string[len - 1] = '\0';
 
        return send_dlog_request(sock_fd, DLOG_REQ_HANDLE_LOGUTIL, request_string, len);
 }

diff --git a/src/shared/logconfig.c b/src/shared/logconfig.c
index 9112e0c..4a0cd6c 100644 (file)
--- a/src/shared/logconfig.c
+++ b/src/shared/logconfig.c
@@ -202,7 +202,6 @@ static void log_config_read_file_by_handle(struct log_config *config, FILE *fp)
        char line[MAX_CONF_ENTRY_LEN];
        while (fgets(line, sizeof line, fp)) {
                int len = strlen(line);
-               char key[MAX_CONF_KEY_LEN];
 
                if (len <= 1 || line[0] == '#')
                        continue;
@@ -211,12 +210,11 @@ static void log_config_read_file_by_handle(struct log_config *config, FILE *fp)
                        line[len - 1] = '\0';
 
                char *tok = strchr(line, '=');
-               if (!tok || (tok - line >= sizeof key))
+               if (!tok || (tok - line >= sizeof ((struct log_conf_entry *)0)->key))
                        continue;
-               ++tok;
+               *tok = '\0';
 
-               snprintf(key, tok - line, "%s", line);
-               log_config_set(config, key, tok);
+               log_config_set(config, line, tok + 1);
        }
 }
 

diff --git a/src/shared/logprint.c b/src/shared/logprint.c
index b1923e8..fe0c03d 100644 (file)
--- a/src/shared/logprint.c
+++ b/src/shared/logprint.c
@@ -1155,21 +1155,39 @@ char *log_format_log_line(
        p = ret;
        pm = msg;
 
-       if (prefixSuffixIsHeaderFooter) {
-               strncat(p, pre_color_prefix, pre_color_prefix_len + 1);
+#define SPACE_LEFT (bufferSize - ((p - ret) + 1))
+       inline void add_prefix() {
+               strncat(p, pre_color_prefix,  SPACE_LEFT);
                p += pre_color_prefix_len;
-               strncat(p, prefixBuf, prefixLen);
+
+               strncat(p, prefixBuf,         SPACE_LEFT);
                p += prefixLen;
-               strncat(p, post_color_prefix, post_color_prefix_len + 1);
+
+               strncat(p, post_color_prefix, SPACE_LEFT);
                p += post_color_prefix_len;
-               strncat(p, msg, message_len);
-               p += message_len;
-               strncat(p, pre_color_suffix, pre_color_suffix_len + 1);
+       }
+
+       inline void add_suffix() {
+               strncat(p, pre_color_suffix,  SPACE_LEFT);
                p += pre_color_suffix_len;
-               strncat(p, suffixBuf, suffixLen);
+
+               strncat(p, suffixBuf,         SPACE_LEFT);
                p += suffixLen;
-               strncat(p, post_color_suffix, post_color_suffix_len + 1);
+
+               strncat(p, post_color_suffix, SPACE_LEFT);
                p += post_color_suffix_len;
+       }
+
+       inline void append_line(const char *line, size_t len) {
+               add_prefix();
+               strncat(p, line, SPACE_LEFT < len ? SPACE_LEFT : len);
+               p += len;
+               add_suffix();
+       }
+#undef SPACE_LEFT
+
+       if (prefixSuffixIsHeaderFooter) {
+               append_line(msg, message_len);
        } else {
                while (pm < (msg + message_len) && *pm != 0) {
                        const char *lineStart;
@@ -1182,25 +1200,13 @@ char *log_format_log_line(
                                        && *pm != '\n' && *pm != 0) pm++;
                        lineLen = pm - lineStart;
 
-                       strncat(p, pre_color_prefix, pre_color_prefix_len + 1);
-                       p += pre_color_prefix_len;
-                       strncat(p, prefixBuf, prefixLen);
-                       p += prefixLen;
-                       strncat(p, post_color_prefix, post_color_prefix_len + 1);
-                       p += post_color_prefix_len;
-                       strncat(p, lineStart, lineLen);
-                       p += lineLen;
-                       strncat(p, pre_color_suffix, pre_color_suffix_len + 1);
-                       p += pre_color_suffix_len;
-                       strncat(p, suffixBuf, suffixLen);
-                       p += suffixLen;
-                       strncat(p, post_color_suffix, post_color_suffix_len + 1);
-                       p += post_color_suffix_len;
+                       append_line(lineStart, lineLen);
 
                        if (pm < (msg + message_len) && *pm == '\n' && *pm != 0)
                                pm++;
                }
        }
+       *p = '\0';
 
        if (p_outLength != NULL)
                *p_outLength = p - ret;