gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [libmicrohttpd] branch master updated: make checkers happie


From: gnunet
Subject: [GNUnet-SVN] [libmicrohttpd] branch master updated: make checkers happier by reducing use of strcpy and strcat
Date: Thu, 22 Feb 2018 18:35:10 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository libmicrohttpd.

The following commit(s) were added to refs/heads/master by this push:
     new f6c647f6 make checkers happier by reducing use of strcpy and strcat
f6c647f6 is described below

commit f6c647f638a2f8da434daadf4fef8fb5d4e3124c
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Feb 22 18:35:08 2018 +0100

    make checkers happier by reducing use of strcpy and strcat
---
 doc/examples/tlsauthentication.c   | 52 +++++++++++++++++++++-----------------
 src/lib/connection_call_handlers.c | 12 ++++++---
 src/microhttpd/connection.c        | 12 ++++++---
 src/microhttpd/digestauth.c        |  9 ++++---
 4 files changed, 51 insertions(+), 34 deletions(-)

diff --git a/doc/examples/tlsauthentication.c b/doc/examples/tlsauthentication.c
index 293e5e65..4c512a3b 100644
--- a/doc/examples/tlsauthentication.c
+++ b/doc/examples/tlsauthentication.c
@@ -124,6 +124,7 @@ ask_for_authentication (struct MHD_Connection *connection, 
const char *realm)
   int ret;
   struct MHD_Response *response;
   char *headervalue;
+  size_t slen;
   const char *strbase = "Basic realm=";
 
   response = MHD_create_response_from_buffer (0, NULL,
@@ -131,37 +132,44 @@ ask_for_authentication (struct MHD_Connection 
*connection, const char *realm)
   if (!response)
     return MHD_NO;
 
-  headervalue = malloc (strlen (strbase) + strlen (realm) + 1);
-  if (!headervalue)
+  slen = strlen (strbase) + strlen (realm) + 1;
+  if (NULL == (headervalue = malloc (slen)))
     return MHD_NO;
-
-  strcpy (headervalue, strbase);
-  strcat (headervalue, realm);
-
-  ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue);
+  snprintf (headervalue,
+           slen,
+           "%s%s",
+           strbase,
+           realm);
+  ret = MHD_add_response_header (response,
+                                "WWW-Authenticate",
+                                headervalue);
   free (headervalue);
-  if (!ret)
+  if (! ret)
     {
       MHD_destroy_response (response);
       return MHD_NO;
     }
 
-  ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
-
+  ret = MHD_queue_response (connection,
+                           MHD_HTTP_UNAUTHORIZED,
+                           response);
   MHD_destroy_response (response);
-
   return ret;
 }
 
+
 static int
 is_authenticated (struct MHD_Connection *connection,
-                  const char *username, const char *password)
+                  const char *username,
+                 const char *password)
 {
   const char *headervalue;
-  char *expected_b64, *expected;
+  char *expected_b64;
+  char *expected;
   const char *strbase = "Basic ";
   int authenticated;
-
+  size_t slen;
+  
   headervalue =
     MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
                                  "Authorization");
@@ -170,14 +178,14 @@ is_authenticated (struct MHD_Connection *connection,
   if (0 != strncmp (headervalue, strbase, strlen (strbase)))
     return 0;
 
-  expected = malloc (strlen (username) + 1 + strlen (password) + 1);
-  if (NULL == expected)
+  slen = strlen (username) + 1 + strlen (password) + 1;
+  if (NULL == (expected = malloc (slen)))
     return 0;
-
-  strcpy (expected, username);
-  strcat (expected, ":");
-  strcat (expected, password);
-
+  snprintf (expected,
+           slen,
+           "%s:%s",
+           username,
+           password);
   expected_b64 = string_to_base64 (expected);
   free (expected);
   if (NULL == expected_b64)
@@ -185,9 +193,7 @@ is_authenticated (struct MHD_Connection *connection,
 
   authenticated =
     (strcmp (headervalue + strlen (strbase), expected_b64) == 0);
-
   free (expected_b64);
-
   return authenticated;
 }
 
diff --git a/src/lib/connection_call_handlers.c 
b/src/lib/connection_call_handlers.c
index a6358cce..7bdf8611 100644
--- a/src/lib/connection_call_handlers.c
+++ b/src/lib/connection_call_handlers.c
@@ -1233,6 +1233,7 @@ build_header_response (struct MHD_Request *request)
   struct MHD_HTTP_Header *pos;
   char code[256];
   char date[128];
+  size_t datelen;
   char content_length_buf[128];
   size_t content_length_len;
   char *data;
@@ -1290,7 +1291,8 @@ build_header_response (struct MHD_Request *request)
                         sizeof (date));
       else
         date[0] = '\0';
-      size += strlen (date);
+      datelen = strlen (date);
+      size += datelen;
     }
   else
     {
@@ -1298,6 +1300,7 @@ build_header_response (struct MHD_Request *request)
       size = 2;
       kind = MHD_FOOTER_KIND;
       off = 0;
+      datelen = 0;
     }
 
   /* calculate extra headers we need to add, such as 'Connection: close',
@@ -1548,9 +1551,10 @@ build_header_response (struct MHD_Request *request)
     }
   if (MHD_REQUEST_FOOTERS_RECEIVED == request->state)
     {
-      strcpy (&data[off],
-              date);
-      off += strlen (date);
+      memcpy (&data[off],
+              date,
+             datelen);
+      off += datelen;
     }
   memcpy (&data[off],
           "\r\n",
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 6a58e04a..0afbe2ac 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -1407,6 +1407,7 @@ build_header_response (struct MHD_Connection *connection)
   struct MHD_HTTP_Header *pos;
   char code[256];
   char date[128];
+  size_t datelen;
   char content_length_buf[128];
   size_t content_length_len;
   char *data;
@@ -1461,7 +1462,8 @@ build_header_response (struct MHD_Connection *connection)
                         sizeof (date));
       else
         date[0] = '\0';
-      size += strlen (date);
+      datelen = strlen (date);
+      size += datelen;
     }
   else
     {
@@ -1469,6 +1471,7 @@ build_header_response (struct MHD_Connection *connection)
       size = 2;
       kind = MHD_FOOTER_KIND;
       off = 0;
+      datelen = 0;
     }
 
   /* calculate extra headers we need to add, such as 'Connection: close',
@@ -1713,9 +1716,10 @@ build_header_response (struct MHD_Connection *connection)
     }
   if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state)
     {
-      strcpy (&data[off],
-              date);
-      off += strlen (date);
+      memcpy (&data[off],
+              date,
+             datelen);
+      off += datelen;
     }
   memcpy (&data[off],
           "\r\n",
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index f95f4d62..b0e7ce00 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection,
   uint32_t off;
   uint32_t mod;
   const char *np;
+  size_t noncelen;
 
-  if (MAX_NONCE_LENGTH <= strlen (nonce))
+  noncelen = strlen (nonce) + 1;
+  if (MAX_NONCE_LENGTH < noncelen)
     return MHD_NO; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
                       protects against unsafe modifications that may
@@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection,
   if (0 == nc)
     {
       /* Fresh nonce, reinitialize array */
-      strcpy (nn->nonce,
-             nonce);
+      memcpy (nn->nonce,
+             nonce,
+             noncelen);
       nn->nc = 0;
       nn->nmask = 0;
       MHD_mutex_unlock_chk_ (&daemon->nnc_lock);

-- 
To stop receiving notification emails like this one, please contact
address@hidden



reply via email to

[Prev in Thread] Current Thread [Next in Thread]