summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-03-06 13:27:51 +0100
committerDaniel Stenberg <daniel@haxx.se>2013-03-07 11:08:05 +0100
commit7f963a19ecbceef5d7e95e677ccc089d04ef987f (patch)
tree459db8c1b5d5243e9b5e3ebfd3e8974131d321de
parent9ceee69ff7d6139de759a4f25051e0d661e0c2b0 (diff)
downloadcurl-7f963a19ecbceef5d7e95e677ccc089d04ef987f.tar.gz
checksrc: ban unsafe functions
The list of unsafe functions currently consists of sprintf, vsprintf, strcat, strncat and gets. Subsequently, some existing code needed updating to avoid warnings on this.
-rw-r--r--include/curl/mprintf.h4
-rwxr-xr-xlib/checksrc.pl8
-rw-r--r--lib/ftp.c17
-rw-r--r--lib/http_digest.c8
-rw-r--r--lib/mprintf.c117
-rw-r--r--src/tool_dirhie.c10
-rw-r--r--src/tool_operate.c14
-rw-r--r--src/tool_operhlp.c14
-rw-r--r--src/tool_parsecfg.c23
-rw-r--r--src/tool_setopt.c8
10 files changed, 64 insertions, 159 deletions
diff --git a/include/curl/mprintf.h b/include/curl/mprintf.h
index de7dd2f3c..cc9e7f5d1 100644
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -58,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
# define printf curl_mprintf
# define fprintf curl_mfprintf
#ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf() functions since we
+/* When built with CURLDEBUG we define away the sprintf functions since we
don't want internal code to be using them */
# define sprintf sprintf_was_used
# define vsprintf vsprintf_was_used
diff --git a/lib/checksrc.pl b/lib/checksrc.pl
index 9f5058ddb..f561492a7 100755
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -6,7 +6,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -153,6 +153,12 @@ sub scanfile {
checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
}
+ # scan for use of banned functions
+ if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
+ checkwarn($line, length($1), $file, $l,
+ "use of $2 is banned");
+ }
+
# check for open brace first on line but not first column
# only alert if previous line ended with a close paren and wasn't a cpp
# line
diff --git a/lib/ftp.c b/lib/ftp.c
index dc9fc4816..d9b854783 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3978,16 +3978,11 @@ static CURLcode wc_statemach(struct connectdata *conn)
/* filelist has at least one file, lets get first one */
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct curl_fileinfo *finfo = wildcard->filelist->head->ptr;
- char *tmp_path = malloc(strlen(conn->data->state.path) +
- strlen(finfo->filename) + 1);
- if(!tmp_path) {
+
+ char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
+ if(!tmp_path)
return CURLE_OUT_OF_MEMORY;
- }
- tmp_path[0] = 0;
- /* make full path to matched file */
- strcat(tmp_path, wildcard->path);
- strcat(tmp_path, finfo->filename);
/* switch default "state.pathbuffer" and tmp_path, good to see
ftp_parse_url_path function to understand this trick */
Curl_safefree(conn->data->state.pathbuffer);
@@ -4124,13 +4119,13 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
va_list ap;
va_start(ap, fmt);
- vsnprintf(s, SBUF_SIZE-3, fmt, ap);
+ write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
va_end(ap);
- strcat(s, "\r\n"); /* append a trailing CRLF */
+ strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
+ write_len +=2;
bytes_written=0;
- write_len = strlen(s);
res = Curl_convert_to_network(conn->data, s, write_len);
/* Curl_convert_to_network calls failf if unsuccessful */
diff --git a/lib/http_digest.c b/lib/http_digest.c
index f9f20d487..43513966b 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -287,6 +287,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
struct timeval now;
char **allocuserpwd;
+ size_t userlen;
const char *userp;
const char *passwdp;
struct auth *authp;
@@ -533,10 +534,11 @@ CURLcode Curl_output_digest(struct connectdata *conn,
}
/* append CRLF + zero (3 bytes) to the userpwd header */
- tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3);
+ userlen = strlen(*allocuserpwd);
+ tmp = realloc(*allocuserpwd, userlen + 3);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- strcat(tmp, "\r\n");
+ strcpy(&tmp[userlen], "\r\n"); /* append the data */
*allocuserpwd = tmp;
return CURLE_OK;
diff --git a/lib/mprintf.c b/lib/mprintf.c
index b5b81536a..2ec4a7534 100644
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -203,101 +203,6 @@ static int dprintf_IsQualifierNoDollar(char c)
}
}
-#ifdef DPRINTF_DEBUG2
-static void dprintf_Pass1Report(va_stack_t *vto, int max)
-{
- int i;
- char buffer[256];
- int bit;
- int flags;
-
- for(i=0; i<max; i++) {
- char *type;
- switch(vto[i].type) {
- case FORMAT_UNKNOWN:
- type = "unknown";
- break;
- case FORMAT_STRING:
- type ="string";
- break;
- case FORMAT_PTR:
- type ="pointer";
- break;
- case FORMAT_INT:
- type = "int";
- break;
- case FORMAT_INTPTR:
- type = "intptr";
- break;
- case FORMAT_LONG:
- type = "long";
- break;
- case FORMAT_LONGLONG:
- type = "long long";
- break;
- case FORMAT_DOUBLE:
- type = "double";
- break;
- case FORMAT_LONGDOUBLE:
- type = "long double";
- break;
- }
-
-
- buffer[0]=0;
-
- for(bit=0; bit<31; bit++) {
- flags = vto[i].flags & (1<<bit);
-
- if(flags & FLAGS_SPACE)
- strcat(buffer, "space ");
- else if(flags & FLAGS_SHOWSIGN)
- strcat(buffer, "plus ");
- else if(flags & FLAGS_LEFT)
- strcat(buffer, "left ");
- else if(flags & FLAGS_ALT)
- strcat(buffer, "alt ");
- else if(flags & FLAGS_SHORT)
- strcat(buffer, "short ");
- else if(flags & FLAGS_LONG)
- strcat(buffer, "long ");
- else if(flags & FLAGS_LONGLONG)
- strcat(buffer, "longlong ");
- else if(flags & FLAGS_LONGDOUBLE)
- strcat(buffer, "longdouble ");
- else if(flags & FLAGS_PAD_NIL)
- strcat(buffer, "padnil ");
- else if(flags & FLAGS_UNSIGNED)
- strcat(buffer, "unsigned ");
- else if(flags & FLAGS_OCTAL)
- strcat(buffer, "octal ");
- else if(flags & FLAGS_HEX)
- strcat(buffer, "hex ");
- else if(flags & FLAGS_UPPER)
- strcat(buffer, "upper ");
- else if(flags & FLAGS_WIDTH)
- strcat(buffer, "width ");
- else if(flags & FLAGS_WIDTHPARAM)
- strcat(buffer, "widthparam ");
- else if(flags & FLAGS_PREC)
- strcat(buffer, "precision ");
- else if(flags & FLAGS_PRECPARAM)
- strcat(buffer, "precparam ");
- else if(flags & FLAGS_CHAR)
- strcat(buffer, "char ");
- else if(flags & FLAGS_FLOATE)
- strcat(buffer, "floate ");
- else if(flags & FLAGS_FLOATG)
- strcat(buffer, "floatg ");
- }
- printf("REPORT: %d. %s [%s]\n", i, type, buffer);
-
- }
-
-
-}
-#endif
-
/******************************************************************
*
* Pass 1:
@@ -537,10 +442,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
}
}
-#ifdef DPRINTF_DEBUG2
- dprintf_Pass1Report(vto, max_param);
-#endif
-
/* Read the arg list parameters into our data list */
for(i=0; i<max_param; i++) {
if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) {
@@ -919,7 +820,7 @@ static int dprintf_formatf(
case FORMAT_DOUBLE:
{
char formatbuf[32]="%";
- char *fptr;
+ char *fptr = &formatbuf[1];
size_t left = sizeof(formatbuf)-strlen(formatbuf);
int len;
@@ -936,15 +837,15 @@ static int dprintf_formatf(
prec = (long)vto[p->precision].data.num.as_signed;
if(p->flags & FLAGS_LEFT)
- strcat(formatbuf, "-");
+ *fptr++ = '-';
if(p->flags & FLAGS_SHOWSIGN)
- strcat(formatbuf, "+");
+ *fptr++ = '+';
if(p->flags & FLAGS_SPACE)
- strcat(formatbuf, " ");
+ *fptr++ = ' ';
if(p->flags & FLAGS_ALT)
- strcat(formatbuf, "#");
+ *fptr++ = '#';
- fptr=&formatbuf[strlen(formatbuf)];
+ *fptr = 0;
if(width >= 0) {
/* RECURSIVE USAGE */
@@ -969,8 +870,8 @@ static int dprintf_formatf(
*fptr = 0; /* and a final zero termination */
- /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number
- of output characters */
+ /* NOTE NOTE NOTE!! Not all sprintf implementations return number of
+ output characters */
(sprintf)(work, formatbuf, p->data.dnum);
for(fptr=work; *fptr; fptr++)
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c
index 4ba1c4375..5965f7a74 100644
--- a/src/tool_dirhie.c
+++ b/src/tool_dirhie.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -98,12 +98,14 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
char *outdup;
char *dirbuildup;
CURLcode result = CURLE_OK;
+ size_t outlen;
+ outlen = strlen(outfile);
outdup = strdup(outfile);
if(!outdup)
return CURLE_OUT_OF_MEMORY;
- dirbuildup = malloc(strlen(outfile) + 1);
+ dirbuildup = malloc(outlen + 1);
if(!dirbuildup) {
Curl_safefree(outdup);
return CURLE_OUT_OF_MEMORY;
@@ -119,12 +121,12 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
if(tempdir2 != NULL) {
size_t dlen = strlen(dirbuildup);
if(dlen)
- sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
+ snprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir);
else {
if(0 != strncmp(outdup, DIR_CHAR, 1))
strcpy(dirbuildup, tempdir);
else
- sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
+ snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir);
}
if(access(dirbuildup, F_OK) == -1) {
if(-1 == mkdir(dirbuildup,(mode_t)0000750)) {
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 5e73d86d4..3151f416f 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -805,18 +805,18 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
/*
* Then append ? followed by the get fields to the url.
*/
- urlbuffer = malloc(strlen(this_url) + strlen(httpgetfields) + 3);
- if(!urlbuffer) {
- res = CURLE_OUT_OF_MEMORY;
- goto show_error;
- }
if(pc)
- sprintf(urlbuffer, "%s%c%s", this_url, sep, httpgetfields);
+ urlbuffer = aprintf("%s%c%s", this_url, sep, httpgetfields);
else
/* Append / before the ? to create a well-formed url
if the url contains a hostname only
*/
- sprintf(urlbuffer, "%s/?%s", this_url, httpgetfields);
+ urlbuffer = aprintf("%s/?%s", this_url, httpgetfields);
+
+ if(!urlbuffer) {
+ res = CURLE_OUT_OF_MEMORY;
+ goto show_error;
+ }
Curl_safefree(this_url); /* free previous URL */
this_url = urlbuffer; /* use our new URL instead! */
diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index 631488727..d3c1a88a9 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -123,22 +123,20 @@ char *add_file_name_to_url(CURL *curl, char *url, const char *filename)
/* URL encode the file name */
encfile = curl_easy_escape(curl, filep, 0 /* use strlen */);
if(encfile) {
- char *urlbuffer = malloc(strlen(url) + strlen(encfile) + 3);
- if(!urlbuffer) {
- curl_free(encfile);
- Curl_safefree(url);
- return NULL;
- }
+ char *urlbuffer;
if(ptr)
/* there is a trailing slash on the URL */
- sprintf(urlbuffer, "%s%s", url, encfile);
+ urlbuffer = aprintf("%s%s", url, encfile);
else
/* there is no trailing slash on the URL */
- sprintf(urlbuffer, "%s/%s", url, encfile);
+ urlbuffer = aprintf("%s/%s", url, encfile);
curl_free(encfile);
Curl_safefree(url);
+ if(!urlbuffer)
+ return NULL;
+
url = urlbuffer; /* use our new URL instead! */
}
}
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 561dada11..680688ab7 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -275,32 +275,33 @@ static char *my_get_line(FILE *fp)
{
char buf[4096];
char *nl = NULL;
- char *retval = NULL;
+ char *line = NULL;
do {
if(NULL == fgets(buf, sizeof(buf), fp))
break;
- if(!retval) {
- retval = strdup(buf);
- if(!retval)
+ if(!line) {
+ line = strdup(buf);
+ if(!line)
return NULL;
}
else {
char *ptr;
- ptr = realloc(retval, strlen(retval) + strlen(buf) + 1);
+ size_t linelen = strlen(line);
+ ptr = realloc(line, linelen + strlen(buf) + 1);
if(!ptr) {
- Curl_safefree(retval);
+ Curl_safefree(line);
return NULL;
}
- retval = ptr;
- strcat(retval, buf);
+ line = ptr;
+ strcpy(&line[linelen], buf);
}
- nl = strchr(retval, '\n');
+ nl = strchr(line, '\n');
} while(!nl);
if(nl)
*nl = '\0';
- return retval;
+ return line;
}
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 4014177f2..4493e5f8d 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -199,7 +199,7 @@ static char *c_escape(const char *str)
e += 2;
}
else if(! isprint(c)) {
- sprintf(e, "\\%03o", c);
+ snprintf(e, 4, "\\%03o", c);
e += 4;
}
else
@@ -270,7 +270,7 @@ CURLcode tool_setopt_flags(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
- sprintf(preamble, "%*s", strlen(preamble), "");
+ snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.
@@ -313,7 +313,7 @@ CURLcode tool_setopt_bitmask(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
- sprintf(preamble, "%*s", strlen(preamble), "");
+ snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.