From 971b002d935155abd56d0b01fe5e284f63439b99 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 17 Mar 2004 07:28:09 +0000 Subject: [PATCH] Include strlcpy and strlcat where not available, so our string ops can be less error-prone. svn:r1289 --- configure.in | 1 + doc/tor-spec.txt | 2 +- src/common/Makefile.am | 1 - src/common/strlcat.c | 73 ++++++++++++++++++++++++++++++++++++++++++ src/common/strlcpy.c | 64 ++++++++++++++++++++++++++++++++++++ src/common/util.c | 14 +++++--- src/common/util.h | 3 ++ 7 files changed, 152 insertions(+), 6 deletions(-) create mode 100644 src/common/strlcat.c create mode 100644 src/common/strlcpy.c diff --git a/configure.in b/configure.in index 67027b56e7..b6b12fc46f 100644 --- a/configure.in +++ b/configure.in @@ -137,6 +137,7 @@ dnl These headers are not essential AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/wait.h netinet/in.h arpa/inet.h) AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime) +AC_REPLACE_FUNCS(strlcat strlcpy) dnl In case we aren't given a working stdint.h, we'll need to grow our own. dnl Watch out. diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt index d296215c8a..4d65739939 100644 --- a/doc/tor-spec.txt +++ b/doc/tor-spec.txt @@ -521,7 +521,7 @@ Every Item begins with a KeywordLine, followed by one or more Objects. A KeywordLine begins with a Keyword, optionally followed by a space and more non-newline characters, and ends with a newline. A Keyword is a sequence of one or more characters in the set [A-Za-z0-9-]. An Object is a block of -PGP-encrypted data in Open-PGP-style armor. +encoded data in pseudo-Open-PGP-style armor. (cf. RFC 2440) More formally: diff --git a/src/common/Makefile.am b/src/common/Makefile.am index 7bd90b0bf4..144cc6e8fb 100644 --- a/src/common/Makefile.am +++ b/src/common/Makefile.am 
@@ -6,4 +6,3 @@ noinst_LIBRARIES = libor.a libor_a_SOURCES = log.c crypto.c fakepoll.c util.c aes.c tortls.c noinst_HEADERS = log.h crypto.h fakepoll.h test.h util.h aes.h torint.h tortls.h - diff --git a/src/common/strlcat.c b/src/common/strlcat.c new file mode 100644 index 0000000000..b309648155 --- /dev/null +++ b/src/common/strlcat.c 
@@ -0,0 +1,73 @@
+/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include
+#include
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left). At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return(dlen + strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(dlen + (s - src)); /* count does not include NUL */
+}
diff --git a/src/common/strlcpy.c b/src/common/strlcpy.c
new file mode 100644
index 0000000000..2448ec06c8
--- /dev/null
+++ b/src/common/strlcpy.c
@@ -0,0 +1,64 @@
+/* $Id$ */
+/* $OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $ */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include
+#include
+
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */ +size_t strlcpy(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + register char *d = dst; + register const char *s = src; + register size_t n = siz; + + if (n == 0) + return(strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(s - src); /* count does not include NUL */ +} diff --git a/src/common/util.c b/src/common/util.c index 9194602bd1..87cdd97ce7 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -8,6 +8,13 @@ #include #endif +#ifndef HAVE_STRLCPY +#include "strlcpy.c" +#endif +#ifndef HAVE_STRLCAT +#include "strlcat.c" +#endif + /* * Memory wrappers */ @@ -568,12 +575,11 @@ write_str_to_file(const char *fname, const char *str) char tempname[1024]; int fd; FILE *file; - if (strlen(fname) > 1000) { - log(LOG_WARN, "Filename %s is too long.", fname); + if ((strlcpy(tempname,fname,1024) >= 1024) || + (strlcat(tempname,".tmp",1024) >= 1024)) { + log(LOG_WARN, "Filename %s.tmp too long (>1024 chars)", fname); return -1; } - strcpy(tempname,fname); - strcat(tempname,".tmp"); if ((fd = open(tempname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { log(LOG_WARN, "Couldn't open %s for writing: %s", tempname, strerror(errno)); diff --git a/src/common/util.h b/src/common/util.h index 63d55c6fe4..f9b2b90eb5 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -32,6 +32,9 @@ #define INLINE inline #endif +size_t strlcat(char *dst, const char *src, size_t siz); +size_t strlcpy(char *dst, const char *src, size_t siz); + void *tor_malloc(size_t size); void *tor_malloc_zero(size_t size); void *tor_realloc(void *ptr, size_t size);
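Review bot: In the first util.c hunk, the `#ifndef HAVE_STRLCPY` / `#ifndef HAVE_STRLCAT` guards only work if the configure-generated header that defines those macros is included above this point, which the hunk does not show; if it is not, the bundled copies are compiled on every platform and may shadow or conflict with a libc that already ships them. configure.in uses `AC_REPLACE_FUNCS(strlcat strlcpy)`, which also queues the two objects in LIBOBJS when the functions are missing, so a later Makefile change that links `$(LIBOBJS)` would define each function twice; `AC_CHECK_FUNCS(strlcat strlcpy)` sets the same HAVE_ macros without that side effect. The util.h hunk declares both prototypes unconditionally, and wrapping them in the same `#ifndef HAVE_STRLCPY` / `#ifndef HAVE_STRLCAT` guards would avoid redeclaring what the system's string.h provides. A comment above the block such as `/* Fallback strlcpy/strlcat, compiled into this file only when configure did not find them in libc. */` would explain why a .c file is being included.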
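Review bot: In the write_str_to_file hunk, the buffer size is repeated as the literal `1024` four times in the new length check, so it can silently drift from the `char tempname[1024]` declaration; `if (strlcpy(tempname, fname, sizeof(tempname)) >= sizeof(tempname) || strlcat(tempname, ".tmp", sizeof(tempname)) >= sizeof(tempname)) {` ties both calls and both comparisons to the array itself. The warning text says `>1024 chars`, but the check rejects any combined name of 1024 bytes or more, so the actual limit is 1023. Not introduced by this commit, but the unchanged `open(tempname, O_WRONLY|O_CREAT|O_TRUNC, 0600)` that follows uses a predictable `.tmp` name without O_EXCL, so it would follow and truncate through a symlink already present at that path; it is worth confirming callers only write into directories other users cannot modify. The function begins and ends outside the hunk, so the rest of the temp-file handling is not visible here.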