#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_avoid_buffer_overflows.dpatch by Daniel Kahn Gillmor <dkg@fifthhorseman.net>
## All lines beginning with `## DP:' are a description of the patch.
## DP: Cleaning up all strcpy, strcat, and sprintf invocations to avoid
## DP: common buffer overflows at least.
diff -urNad tweak~/actions.c tweak/actions.c
10
--- tweak~/actions.c 2007-03-14 00:42:05.000000000 -0400
11
+++ tweak/actions.c 2008-03-16 20:06:29.796165664 -0400
16
- strcpy (message, "Unable to back up file!");
17
+ strncpy (message, "Unable to back up file!", sizeof(message) - 1);
24
- strcpy (message, "Unable to save file!");
25
+ strncpy (message, "Unable to save file!", sizeof(message) - 1);
30
static void act_togins(void) {
31
if (look_mode || fix_mode) {
33
- sprintf(message, "Can't engage Insert mode when in %s mode",
34
+ snprintf(message, sizeof(message), "Can't engage Insert mode when in %s mode",
35
(look_mode ? "LOOK" : "FIX"));
36
insert_mode = FALSE; /* safety! */
42
- strcpy (message, "Can't modify file in LOOK mode");
43
+ strncpy (message, "Can't modify file in LOOK mode", sizeof(message - 1));
51
- strcpy(message, "Not a valid character when in hex editing mode");
52
+ strncpy(message, "Not a valid character when in hex editing mode", sizeof(message) - 1);
57
if ( (!insert || edit_type == 2) && cur_pos == file_size) {
59
- strcpy(message, "End of file reached");
60
+ strncpy(message, "End of file reached", sizeof(message) - 1);
68
- strcpy(message, "End of file reached");
69
+ strncpy(message, "End of file reached", sizeof(message) - 1);
74
static void act_delete(void) {
75
if (!insert_mode || (edit_type!=2 && cur_pos==0)) {
77
- strcpy (message, "Can't delete while not in Insert mode");
78
+ strncpy (message, "Can't delete while not in Insert mode", sizeof(message) - 1);
79
} else if (cur_pos > 0 || edit_type == 2) {
81
buf_delete (filedata, 1, cur_pos);
83
static void act_delch(void) {
86
- strcpy (message, "Can't delete while not in Insert mode");
87
+ strncpy (message, "Can't delete while not in Insert mode", sizeof(message) - 1);
88
} else if (cur_pos < file_size) {
89
buf_delete (filedata, 1, cur_pos);
92
static void act_mark (void) {
95
- strcpy (message, "Can't cut or paste in LOOK mode");
96
+ strncpy (message, "Can't cut or paste in LOOK mode", sizeof(message) - 1);
97
marking = FALSE; /* safety */
100
@@ -411,12 +411,12 @@
102
if (!marking || mark_point==cur_pos) {
104
- strcpy (message, "Set mark first");
105
+ strncpy (message, "Set mark first", sizeof(message) - 1);
110
- strcpy (message, "Can't cut while not in Insert mode");
111
+ strncpy (message, "Can't cut while not in Insert mode", sizeof(message) - 1);
119
- strcpy (message, "Set mark first");
120
+ strncpy (message, "Set mark first", sizeof(message) - 1);
126
if (cur_pos + cutsize > file_size) {
128
- strcpy (message, "Too close to end of file to paste");
129
+ strncpy (message, "Too close to end of file to paste", sizeof(message) - 1);
132
buf_delete (filedata, cutsize, cur_pos);
133
@@ -500,13 +500,13 @@
134
position = parse_num (buffer, &error);
137
- strcpy (message, "Unable to parse position value");
138
+ strncpy (message, "Unable to parse position value", sizeof(message) - 1);
142
if (position < 0 || position > file_size) {
144
- strcpy (message, "Position is outside bounds of file");
145
+ strncpy (message, "Position is outside bounds of file", sizeof(message) - 1);
150
if (!get_str(last_search ? withdef : withoutdef, buffer, TRUE))
151
return 0; /* user break */
152
if (!last_search && !*buffer) {
153
- strcpy (message, "Search aborted.");
154
+ strncpy (message, "Search aborted.", sizeof(message) - 1);
159
len = parse_quoted (buffer);
162
- strcpy (message, "Invalid escape sequence in search string");
163
+ strncpy (message, "Invalid escape sequence in search string", sizeof(message) - 1);
171
- strcpy (message, "Not found.");
172
+ strncpy (message, "Not found.", sizeof(message) - 1);
175
static void act_search_backwards (void) {
180
- strcpy (message, "Not found.");
181
+ strncpy (message, "Not found.", sizeof(message) - 1);
184
static void act_recentre (void) {
185
@@ -660,13 +660,13 @@
186
fileoffset_t new_top;
189
- sprintf (prompt, "Enter screen width in bytes (now %"OFF"d): ", width);
190
+ snprintf (prompt, sizeof(prompt), "Enter screen width in bytes (now %"OFF"d): ", width);
191
if (!get_str (prompt, buffer, FALSE))
193
w = parse_num (buffer, &error);
196
- strcpy (message, "Unable to parse width value");
197
+ strncpy (message, "Unable to parse width value", sizeof(message) - 1);
201
@@ -686,14 +686,14 @@
202
fileoffset_t new_top;
205
- sprintf (prompt, "Enter start-of-file offset in bytes (now %"OFF"d): ",
206
+ snprintf (prompt, sizeof(prompt), "Enter start-of-file offset in bytes (now %"OFF"d): ",
208
if (!get_str (prompt, buffer, FALSE))
210
o = parse_num (buffer, &error);
213
- strcpy (message, "Unable to parse offset value");
214
+ strncpy (message, "Unable to parse offset value", sizeof(message) - 1);
218
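Review bot: `sizeof(message - 1)` in the "Can't modify file in LOOK mode" line is the size of a `char *`, not of the buffer, because `message - 1` decays the array to a pointer, so this strncpy copies only a pointer's worth of bytes (4 or 8) and writes no terminator; the line should read `strncpy (message, "Can't modify file in LOOK mode", sizeof(message) - 1);`. The same slip appears twice in rcfile.c, in both `C:\\TWEAK\\TWEAK.RC` lines (`sizeof(rcname-1)`). Keep in mind that strncpy writes no terminator when the source is as long as the count, so the `sizeof(message) - 1` form used elsewhere in this file is only safe because every literal here is shorter than the buffer; `snprintf(message, sizeof(message), "%s", ...)` would make termination explicit and cannot be miswritten this way. Each changed line sits inside a function whose body extends beyond the lines shown.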
diff -urNad tweak~/keytab.c tweak/keytab.c
219
--- tweak~/keytab.c 2007-03-14 00:42:05.000000000 -0400
220
+++ tweak/keytab.c 2008-03-16 20:06:29.796165664 -0400
224
* Format an ASCII code into a printable description of the key stroke.
225
+ * should use no more than 8 chars -- make sure s has room for 8 chars!
227
static void strkey (char *s, int k) {
228
k &= 255; /* force unsigned */
231
+ strncpy(s, " ESC", 8);
232
else if (k<32 || k==127)
233
- sprintf(s, " ^%c", k ^ 64);
234
+ snprintf(s, 8, " ^%c", k ^ 64);
236
- sprintf(s, " %c", k);
237
+ snprintf(s, 8, " %c", k);
239
- sprintf(s, " <0x%2X>", k);
240
+ snprintf(s, 8, " <0x%2X>", k);
245
#if defined(unix) && !defined(GO32)
248
- strcpy(message, "Unknown key sequence");
249
+ strncpy(message, "Unknown key sequence", sizeof(message));
250
strkey(message+strlen(message), last_char);
251
kt = base[(unsigned char) last_char];
253
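Review bot: The new 8-byte limit in strkey is enforced only inside strkey; the unchanged call `strkey(message+strlen(message), last_char)` right after the "Unknown key sequence" copy passes no size, so up to 8 bytes are still written past wherever the message ends with no check that `message` has that much room left. The limit should travel with the destination: give strkey a `size_t n` parameter, use it in each snprintf, and have the caller pass `sizeof(message) - strlen(message)`; replacing the `strncpy(message, ..., sizeof(message))` with snprintf also guarantees the terminator that strlen on the next line relies on. The caller's enclosing function and the tail of strkey are outside the hunk, so the rewrite below shows only the lines that change.
```c
/* writes at most n bytes into s, always NUL-terminated when n > 0 */
static void strkey (char *s, size_t n, int k) {
    k &= 255; /* force unsigned */
    /* … unchanged: the ESC / control / printable / other key-class tests … */
        snprintf(s, n, "%s", " ESC");
        snprintf(s, n, " ^%c", k ^ 64);
        snprintf(s, n, " %c", k);
        snprintf(s, n, " <0x%2X>", k);

/* … unchanged: caller up to the unknown-key branch … */
    snprintf(message, sizeof(message), "%s", "Unknown key sequence");
    strkey(message + strlen(message), sizeof(message) - strlen(message), last_char);
```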
diff -urNad tweak~/main.c tweak/main.c
254
--- tweak~/main.c 2008-03-16 20:06:29.296137168 -0400
255
+++ tweak/main.c 2008-03-16 20:06:29.796165664 -0400
257
void fix_offset(void) {
258
if (3*width+11 > display_cols) {
259
width = (display_cols-11) / 3;
260
- sprintf (message, "Width reduced to %"OFF"d to fit on the screen", width);
261
+ snprintf (message, sizeof(message), "Width reduced to %"OFF"d to fit on the screen", width);
263
if (4*width+14 > display_cols) {
264
ascii_enabled = FALSE;
266
display_define_colour(COL_INVALID, 11, 0, FALSE);
268
for (i=0; i<256; i++) {
269
- sprintf(hex[i], "%02X", i);
270
+ snprintf(hex[i], 3, "%02X", i);
271
toprint[i] = (i>=32 && i<127 ? i : '.');
274
@@ -384,12 +384,12 @@
277
assert(file_size == buf_length(filedata));
278
- sprintf(message, "loaded %s (size %"OFF"d == 0x%"OFF"X).",
279
+ snprintf(message, sizeof(message), "loaded %s (size %"OFF"d == 0x%"OFF"X).",
280
fname, file_size, file_size);
282
filedata = buf_new_from_file(fp);
283
file_size = buf_length(filedata);
284
- sprintf(message, "opened %s (size %"OFF"d == 0x%"OFF"X).",
285
+ snprintf(message, sizeof(message), "opened %s (size %"OFF"d == 0x%"OFF"X).",
286
fname, file_size, file_size);
292
filedata = buf_new_empty();
293
- sprintf(message, "New file %s.", fname);
294
+ snprintf(message, sizeof(message), "New file %s.", fname);
301
return TRUE; /* unnecessary - pretend it's done */
302
- strcpy (backup_name, filename);
303
+ backup_name[sizeof(backup_name) - 1] = '\0'; /* ensure null termination */
304
+ strncpy (backup_name, filename, sizeof(backup_name) - 1);
305
#if defined(unix) && !defined(GO32)
306
- strcat (backup_name, ".bak");
307
+ strncat (backup_name, ".bak", sizeof(backup_name) - (strlen(backup_name) + 1));
313
display_moveto (display_rows-2, 0);
314
display_set_colour(COL_STATUS);
315
- sprintf(status, statfmt,
316
+ snprintf(status, sizeof(status), statfmt,
317
(modified ? "**" : " "),
319
(insert_mode ? "(Insert)" :
321
} else if (c == 27 || c == 7) {
323
display_post_error();
324
- strcpy (message, "User Break!");
325
+ strncpy (message, "User Break!", sizeof(message));
333
- strcpy(message, "Suspend function not yet implemented.");
334
+ strncpy(message, "Suspend function not yet implemented.", sizeof(message));
338
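Review bot: The `backup_name` copy now truncates silently instead of overflowing: when `filename` is longer than `sizeof(backup_name) - 1`, strncpy stops early and the strncat count drops to zero, so the backup is written to a shortened path without ".bak" rather than the operation failing. A length check before the copy keeps the caller's existing "Unable to back up file!" path honest, e.g. `if (strlen(filename) + strlen(".bak") >= sizeof(backup_name)) return FALSE; /* too long to back up safely */` (the function's return type is outside the hunk, so confirm FALSE is the value the caller treats as failure). Separately, the "User Break!" and "Suspend function" lines use `sizeof(message)` while every other strncpy in the patch uses `sizeof(message) - 1`; pick one form, or use `snprintf(message, sizeof(message), "%s", ...)` which needs no such convention. The `statfmt` passed to snprintf as a format string is presumably a fixed table entry; if it can ever come from input it must go through `"%s"` instead. Both enclosing functions begin and end outside the shown lines.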
diff -urNad tweak~/rcfile.c tweak/rcfile.c
339
--- tweak~/rcfile.c 2007-03-14 00:42:05.000000000 -0400
340
+++ tweak/rcfile.c 2008-03-16 20:08:05.301608209 -0400
341
@@ -148,11 +148,12 @@
343
int errors = FALSE, errors_here;
345
+ rcname[sizeof(rcname) - 1] = '\0'; /* ensure null termination */
346
#if defined(unix) && !defined(GO32)
349
- strcpy (rcname, getenv("HOME"));
350
- strcat (rcname, "/.tweakrc");
351
+ strncpy (rcname, getenv("HOME"), sizeof(rcname) - 1);
352
+ strncat (rcname, "/.tweakrc", sizeof(rcname) - (1 + strlen(rcname)));
355
* Use environment variable TWEAKRC if set. Otherwise, look for
356
@@ -160,19 +161,19 @@
357
* and failing everything else, try C:\TWEAK\TWEAK.RC.
359
if (getenv("TWEAKRC"))
360
- strcpy (rcname, getenv("TWEAKRC"));
361
+ strncpy (rcname, getenv("TWEAKRC"), sizeof(rcname) - 1);
363
if ( (q = strrchr(pname, '\\')) != NULL) {
366
strncpy (rcname, pname, q+1-pname);
367
- strcpy (rcname+(q+1-pname), "TWEAK.RC");
368
+ strncpy (rcname+(q+1-pname), "TWEAK.RC", sizeof(rcname) - (2+q-pname));
369
if ( (tempfp = fopen(rcname, "r")) != NULL)
372
- strcpy (rcname, "C:\\TWEAK\\TWEAK.RC");
373
+ strncpy (rcname, "C:\\TWEAK\\TWEAK.RC", sizeof(rcname-1));
375
- strcpy (rcname, "C:\\TWEAK\\TWEAK.RC");
376
+ strncpy (rcname, "C:\\TWEAK\\TWEAK.RC", sizeof(rcname-1));
384
- strcpy (rcbuffer, *p++);
385
+ strncpy (rcbuffer, *p++, sizeof(rcbuffer));
389
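Review bot: `strncpy (rcname+(q+1-pname), "TWEAK.RC", sizeof(rcname) - (2+q-pname))` computes its bound only after the unchanged `strncpy (rcname, pname, q+1-pname)` on the preceding line has already copied `q+1-pname` bytes with no comparison against `sizeof(rcname)`, so a long program path overflows rcname there, and the subtraction on the new line then wraps to a huge size_t rather than stopping at zero. Guard both copies with `if ((size_t)(q + 1 - pname) < sizeof(rcname))` and fall through to the `C:\TWEAK\TWEAK.RC` default otherwise. Two more spots in this file deserve the same care: `strncpy (rcname, getenv("HOME"), sizeof(rcname) - 1)` still passes a null pointer when HOME is unset (inherited from the strcpy it replaces, but a `const char *home = getenv("HOME"); if (!home) ...` check belongs here), and `strncpy (rcbuffer, *p++, sizeof(rcbuffer))` leaves rcbuffer unterminated when the source is at least sizeof(rcbuffer) long, which `snprintf(rcbuffer, sizeof(rcbuffer), "%s", *p++)` would avoid. The enclosing function begins and ends outside the hunks shown.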
diff -urNad tweak~/slang.c tweak/slang.c
390
--- tweak~/slang.c 2007-03-14 00:42:05.000000000 -0400
391
+++ tweak/slang.c 2008-03-16 20:06:29.796165664 -0400
396
- sprintf(cname, "colour%d", colour);
397
+ snprintf(cname, sizeof(cname), "colour%d", colour);
399
SLtt_set_color(colour, cname, colours[fg], colours[bg]);