From d91bc6b039d5d3403cfb5a4f55dcbd8ccba76d71 Mon Sep 17 00:00:00 2001 From: James Jones Date: Tue, 3 Sep 2024 14:23:15 -0500 Subject: [PATCH] use strlcpy()i rather than strcpy() (CIDs #1618878-#161880) command_encode_dns_label(), command_radmin_add(), and command_encode_raw() all strcpy() the incoming string in to a local fixed-size buffer buffer. The callers all pass a pointer to a buffer no bigger than the local buffer, but Coverity apparently cannot tell that. (It looks like all calls to hem are made through an array of structures--perhaps that's why.) To pacify Coverity, we switch from strcpy() to strlcpy(), which takes an extra parameter to let us guarantee it won't overrun buffer. --- src/bin/unit_test_attribute.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/bin/unit_test_attribute.c b/src/bin/unit_test_attribute.c index 70f4000ea804..ae094c0f1ead 100644 --- a/src/bin/unit_test_attribute.c +++ b/src/bin/unit_test_attribute.c @@ -1379,7 +1379,7 @@ static size_t command_radmin_add(command_result_t *result, command_file_ctx_t *c table = talloc_zero(cc->tmp_ctx, fr_cmd_table_t); - strcpy(buffer, in); + strlcpy(buffer, in, sizeof(buffer)); p = strchr(buffer, ':'); if (!p) { @@ -1755,7 +1755,7 @@ size_t command_encode_dns_label(command_result_t *result, command_file_ctx_t *cc uint8_t *enc_p; char buffer[8192]; - strcpy(buffer, in); + strlcpy(buffer, in, sizeof(buffer)); p = buffer; next = strchr(p, ','); @@ -2024,7 +2024,7 @@ static size_t command_encode_raw(command_result_t *result, command_file_ctx_t *c size_t len; char buffer[8192]; - strcpy(buffer, in); + strlcpy(buffer, in, sizeof(buffer)); len = encode_rfc(buffer, cc->buffer_start, cc->buffer_end - cc->buffer_start); if (len <= 0) RETURN_PARSE_ERROR(0);