Don't use sprintf, strcpy, or strcat.

2025-12-25 04:45:56 +00:00 · 2007-03-12 00:04:11 +00:00
parent 305675cc3b
commit 5a62e83689
6 changed files with 37 additions and 20 deletions
--- a/cli/transmissioncli.c
+++ b/cli/transmissioncli.c
@@ -112,7 +112,7 @@ int main( int argc, char ** argv )
    if( verboseLevel )
    {
        static char env[11];
-        sprintf( env, "TR_DEBUG=%d", verboseLevel );
+        snprintf( env, sizeof env, "TR_DEBUG=%d", verboseLevel );
        putenv( env );
    }

--- a/gtk/util.c
+++ b/gtk/util.c
@@ -281,17 +281,16 @@ addactionflag(const char *action) {
 }

 const char *
-addactionname(guint flag) {
-  static char name[6];
+addactionname( guint flag )
+{
+    static char name[6];

-  if(TR_TORNEW_SAVE_COPY & flag)
-    strcpy(name, "copy");
-  else if(TR_TORNEW_SAVE_MOVE & flag)
-    strcpy(name, "move");
-  else
-    strcpy(name, "leave");
+    snprintf( name, sizeof name, "%s",
+              ( TR_TORNEW_SAVE_COPY & flag ? "copy" :
+              ( TR_TORNEW_SAVE_MOVE & flag ? "move" :
+                                             "leave" ) ) );

-  return name;
+    return name;
 }

 GList *
@@ -323,7 +322,7 @@ getdownloaddir( void )
            wd = g_new( char, MAX_PATH_LENGTH + 1 );
            if( NULL == getcwd( wd, MAX_PATH_LENGTH + 1 ) )
            {
-                strcpy( wd, "." );
+                snprintf( wd, MAX_PATH_LENGTH + 1, "." );
            }
        }
        dir = wd;
--- a/libtransmission/metainfo.c
+++ b/libtransmission/metainfo.c
@@ -115,7 +115,8 @@ int tr_metainfoParse( tr_info_t * inf, const char * path,
          (long) beInfo->end - (long) beInfo->begin, inf->hash );
    for( i = 0; i < SHA_DIGEST_LENGTH; i++ )
    {
-        sprintf( inf->hashString + i * 2, "%02x", inf->hash[i] );
+        snprintf( inf->hashString + i * 2, sizeof( inf->hashString ) - i * 2,
+                  "%02x", inf->hash[i] );
    }

    if( saveCopy )
@@ -494,7 +495,8 @@ static char * announceToScrape( const char * announce )
    char new[]  = "scrape";
    int  newlen = 6;
    char * slash, * scrape;
-    
+    size_t scrapelen, used;
+
    slash = strrchr( announce, '/' );
    if( NULL == slash )
    {
@@ -507,10 +509,23 @@ static char * announceToScrape( const char * announce )
        return NULL;
    }

-    scrape = calloc( strlen( announce ) - oldlen + newlen + 1, 1 );
-    strncat( scrape, announce, slash - announce );
-    strcat(  scrape, new );
-    strcat(  scrape, slash + oldlen );
+    scrapelen = strlen( announce ) - oldlen + newlen;
+    scrape = calloc( scrapelen + 1, 1 );
+    if( NULL == scrape )
+    {
+        return NULL;
+    }
+    assert( ( size_t )( slash - announce ) < scrapelen );
+    memcpy( scrape, announce, slash - announce );
+    used = slash - announce;
+    strncat( scrape, new, scrapelen - used );
+    used += newlen;
+    assert( strlen( scrape ) == used );
+    if( used < scrapelen )
+    {
+        assert( strlen( slash + oldlen ) == scrapelen - used );
+        strncat( scrape, slash + oldlen, scrapelen - used );
+    }

    return scrape;
 }
--- a/libtransmission/peer.c
+++ b/libtransmission/peer.c
@@ -113,7 +113,7 @@ static void __peer_dbg( tr_peer_t * peer, char * msg, ... )
    va_list args;

    va_start( args, msg );
-    sprintf( string, "%08x:%04x ",
+    snprintf( string, sizeof string, "%08x:%04x ",
             (uint32_t) peer->addr.s_addr, peer->port );
    vsnprintf( &string[14], sizeof( string ) - 14, msg, args );
    va_end( args ); 
--- a/libtransmission/torrent.c
+++ b/libtransmission/torrent.c
@@ -127,7 +127,9 @@ static tr_torrent_t * torrentRealInit( tr_handle_t * h, tr_torrent_t * tor,
    /* Escaped info hash for HTTP queries */
    for( i = 0; i < SHA_DIGEST_LENGTH; i++ )
    {
-        sprintf( &tor->escapedHashString[3*i], "%%%02x", inf->hash[i] );
+        snprintf( &tor->escapedHashString[3*i],
+                  sizeof( tor->escapedHashString ) - 3 * i,
+                  "%%%02x", inf->hash[i] );
    }

    /* Block size: usually 16 ko, or less if we have to */
--- a/libtransmission/transmission.c
+++ b/libtransmission/transmission.c
@@ -43,7 +43,8 @@ tr_handle_t * tr_init()
    /* Generate a peer id : "-TRxxyy-" + 12 random alphanumeric
       characters, where xx is the major version number and yy the
       minor version number (Azureus-style) */
-    sprintf( h->id, "-TR%02d%02d-", VERSION_MAJOR, VERSION_MINOR );
+    snprintf( h->id, sizeof h->id, "-TR%02d%02d-",
+              VERSION_MAJOR, VERSION_MINOR );
    for( i = 8; i < 20; i++ )
    {
        r        = tr_rand( 36 );