# HG changeset patch # User Ethan Blanton # Date 1313073884 0 # Node ID ac43f26c7f610370e64cd4f2ce9d2f7e5f8ac71a # Parent db4e78a1f46b6f9a7272b54541b6bd6838d80837# Parent c563769843b2df128100f4f6db57454f200084bb merge of '269c6e29c67a1c066871499e76575d4700bf6744' and 'f456e895f18adad6c0e3178c99a73f6fbd439487' diff -r c563769843b2 -r ac43f26c7f61 ChangeLog --- a/ChangeLog Thu Aug 11 08:28:31 2011 +0000 +++ b/ChangeLog Thu Aug 11 14:44:44 2011 +0000 @@ -12,6 +12,13 @@ libpurple: * Fix a potential crash in the Log Reader plugin when reading QIP logs. + Libpurple: + * Fix a large number of strcpy() and strcat() invocations to use + strlcpy() and strlcat(), etc., forestalling an entire class of + string buffer overrun bugs. + (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, + Jacob Appelbaum) + Gadu-Gadu: * Fixed searching for buddies in public directory. (Tomasz Wasilczyk) (#5242) diff -r c563769843b2 -r ac43f26c7f61 libpurple/plugins/tcl/tcl_ref.c --- a/libpurple/plugins/tcl/tcl_ref.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/plugins/tcl/tcl_ref.c Thu Aug 11 14:44:44 2011 +0000 @@ -92,6 +92,7 @@ static void purple_tcl_ref_update(Tcl_Obj *obj) { + size_t len; /* This is ugly on memory, but we pretty much have to either * do this or guesstimate lengths or introduce a varargs * function in here ... ugh. */ @@ -100,8 +101,9 @@ OBJ_REF_VALUE(obj)); obj->length = strlen(bytes); - obj->bytes = ckalloc(obj->length + 1); - strcpy(obj->bytes, bytes); + len = obj->length + 1; + obj->bytes = ckalloc(len); + g_strlcpy(obj->bytes, bytes, len); g_free(bytes); } diff -r c563769843b2 -r ac43f26c7f61 libpurple/plugins/tcl/tcl_signals.c --- a/libpurple/plugins/tcl/tcl_signals.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/plugins/tcl/tcl_signals.c Thu Aug 11 14:44:44 2011 +0000 
@@ -259,8 +259,9 @@ vals[i] = ckalloc(1); *(char *)vals[i] = '\0'; } else { - vals[i] = ckalloc(strlen(*strs[i]) + 1); - strcpy(vals[i], *strs[i]); + size_t len = strlen(*strs[i]) + 1; + vals[i] = ckalloc(len); + g_strlcpy(vals[i], *strs[i], len); } Tcl_LinkVar(handler->interp, name->str, (char *)&vals[i], TCL_LINK_STRING); diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/jabber/jabber.c --- a/libpurple/protocols/jabber/jabber.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/jabber/jabber.c Thu Aug 11 14:44:44 2011 +0000 @@ -199,7 +199,7 @@ hostname, so maybe we want to detect that and use it instead */ - strcpy(hostname, "localhost"); + g_strlcpy(hostname, "localhost", sizeof(hostname)); } hostname[sizeof(hostname) - 1] = '\0'; diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/jabber/win32/posix.uname.c --- a/libpurple/protocols/jabber/win32/posix.uname.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/jabber/win32/posix.uname.c Thu Aug 11 14:44:44 2011 +0000 @@ -54,32 +54,32 @@ GetVersionEx ( &OS_version ); GetSystemInfo ( &System_Info ); - strcpy( uts->sysname, "WIN32_" ); + g_strlcpy( uts->sysname, "WIN32_" , sizeof(uts->sysname)); switch( OS_version.dwPlatformId ) { case VER_PLATFORM_WIN32_NT: - strcat( uts->sysname, "WinNT" ); + g_strlcat( uts->sysname, "WinNT", sizeof(uts->sysname) ); MingwOS = WinNT; break; case VER_PLATFORM_WIN32_WINDOWS: switch ( OS_version.dwMinorVersion ) { case 0: - strcat( uts->sysname, "Win95" ); + g_strlcat( uts->sysname, "Win95", sizeof(uts->sysname) ); MingwOS = Win95; break; case 10: - strcat( uts->sysname, "Win98" ); + g_strlcat( uts->sysname, "Win98", sizeof(uts->sysname) ); MingwOS = Win98; break; default: - strcat( uts->sysname, "Win??" ); + g_strlcat( uts->sysname, "Win??", sizeof(uts->sysname) ); MingwOS = unknown; break; } break; default: - strcat( uts->sysname, "Win??" ); + g_strlcat( uts->sysname, "Win??", sizeof(uts->sysname) ); MingwOS = unknown; break; } 
@@ -92,13 +92,13 @@ switch( System_Info.wProcessorArchitecture ) { case PROCESSOR_ARCHITECTURE_PPC: - strcpy( uts->machine, "ppc" ); + g_strlcpy( uts->machine, "ppc" , sizeof( uts->machine ) ); break; case PROCESSOR_ARCHITECTURE_ALPHA: - strcpy( uts->machine, "alpha" ); + g_strlcpy( uts->machine, "alpha" , sizeof( uts->machine ) ); break; case PROCESSOR_ARCHITECTURE_MIPS: - strcpy( uts->machine, "mips" ); + g_strlcpy( uts->machine, "mips" , sizeof( uts->machine ) ); break; case PROCESSOR_ARCHITECTURE_INTEL: /* dwProcessorType is only valid in Win95 and Win98 @@ -115,7 +115,7 @@ sprintf( uts->machine, "i%ld", System_Info.dwProcessorType ); break; default: - strcpy( uts->machine, "i386" ); + g_strlcpy( uts->machine, "i386" , sizeof( uts->machine ) ); break; } break; @@ -123,12 +123,12 @@ sprintf( uts->machine, "i%d86", System_Info.wProcessorLevel ); break; default: - strcpy( uts->machine, "unknown" ); + g_strlcpy( uts->machine, "unknown" , sizeof( uts->machine ) ); break; } break; default: - strcpy( uts->machine, "unknown" ); + g_strlcpy( uts->machine, "unknown" , sizeof( uts->machine ) ); break; } diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/msn/msn.c --- a/libpurple/protocols/msn/msn.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/msn/msn.c Thu Aug 11 14:44:44 2011 +0000 @@ -265,9 +265,9 @@ } if (real_alias[0] == '\0') - strcpy(real_alias, purple_account_get_username(account)); + g_strlcpy(real_alias, purple_account_get_username(account), sizeof(real_alias)); } else - strcpy(real_alias, purple_account_get_username(account)); + g_strlcpy(real_alias, purple_account_get_username(account), sizeof(real_alias)); closure = g_new0(struct public_alias_closure, 1); closure->account = account; diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/mxit/cipher.c --- a/libpurple/protocols/mxit/cipher.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/mxit/cipher.c Thu Aug 11 14:44:44 2011 +0000 
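Review bot: The two `sprintf( uts->machine, ... )` calls left as context in the `@@ -115` and `@@ -123` hunks are still unbounded, so the Intel branches of this switch are not covered by the bounded-copy conversion applied around them. They could become `g_snprintf( uts->machine, sizeof( uts->machine ), "i%lu", System_Info.dwProcessorType );` and `g_snprintf( uts->machine, sizeof( uts->machine ), "i%d86", System_Info.wProcessorLevel );`. `%lu` is suggested because dwProcessorType is a DWORD (unsigned long), which `%ld` does not match. The switch starts and ends outside these hunks, and the size of `uts->machine` is not visible here.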
@@ -84,12 +84,12 @@ pass[sizeof( pass ) - 1] = '\0'; /* build the custom AES encryption key */ - strcpy( key, INITIAL_KEY ); + g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); memcpy( key, session->clientkey, strlen( session->clientkey ) ); ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); /* build the custom data to be encrypted */ - strcpy( pass, SECRET_HEADER ); + g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); strcat( pass, session->acc->password ); /* pad the secret data */ diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/zephyr/ZAsyncLocate.c --- a/libpurple/protocols/zephyr/ZAsyncLocate.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/zephyr/ZAsyncLocate.c Thu Aug 11 14:44:44 2011 +0000 @@ -18,6 +18,7 @@ { int retval; ZNotice_t notice; + size_t userlen, versionlen; if (ZGetFD() < 0) if ((retval = ZOpenPort((unsigned short *)0)) != ZERR_NONE) @@ -37,16 +38,18 @@ if ((retval = ZSendNotice(¬ice, auth)) != ZERR_NONE) return(retval); - if ((zald->user = (char *) malloc(strlen(user)+1)) == NULL) { + userlen = strlen(user) + 1; + versionlen = strlen(notice.z_version) + 1; + if ((zald->user = (char *) malloc(userlen)) == NULL) { return(ENOMEM); } - if ((zald->version = (char *) malloc(strlen(notice.z_version)+1)) == NULL) { + if ((zald->version = (char *) malloc(versionlen)) == NULL) { free(zald->user); return(ENOMEM); } zald->uid = notice.z_multiuid; - strcpy(zald->user,user); - strcpy(zald->version,notice.z_version); + g_strlcpy(zald->user,user,userlen); + g_strlcpy(zald->version,notice.z_version,versionlen); return(ZERR_NONE); } 
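Review bot: The `strcat( pass, session->acc->password );` directly after the converted `g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) )` is still unbounded, and what it appends is the account password, whose length nothing in this hunk constrains. `g_strlcat( pass, session->acc->password, sizeof( pass ) );` would bound it, ideally with the return value compared against `sizeof( pass )` so an over-long password is rejected rather than silently clipped before encryption. The `memcpy( key, session->clientkey, strlen( session->clientkey ) )` two lines earlier has the same shape: its length comes from the source string rather than from `key`, so it should be clamped, for example with `MIN( strlen( session->clientkey ), sizeof( key ) )`. The declarations of `pass` and `key` and the origin of `clientkey` are outside the hunk.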
@@ -109,35 +112,38 @@ __locate_list[i].host = (char *) malloc(len); if (!__locate_list[i].host) return (ENOMEM); - (void) strcpy(__locate_list[i].host, ptr); + g_strlcpy(__locate_list[i].host, ptr,len); ptr += len; len = strlen (ptr) + 1; __locate_list[i].time = (char *) malloc(len); if (!__locate_list[i].time) return (ENOMEM); - (void) strcpy(__locate_list[i].time, ptr); + g_strlcpy(__locate_list[i].time, ptr,len); ptr += len; len = strlen (ptr) + 1; __locate_list[i].tty = (char *) malloc(len); if (!__locate_list[i].tty) return (ENOMEM); - (void) strcpy(__locate_list[i].tty, ptr); + g_strlcpy(__locate_list[i].tty, ptr,len); ptr += len; } __locate_next = 0; *nlocs = __locate_num; if (user) { + size_t len; if (zald) { - if ((*user = (char *) malloc(strlen(zald->user)+1)) == NULL) + len = strlen(zald->user) + 1; + if ((*user = (char *) malloc(len)) == NULL) return(ENOMEM); - strcpy(*user,zald->user); + g_strlcpy(*user,zald->user,len); } else { - if ((*user = (char *) malloc(strlen(notice->z_class_inst)+1)) == NULL) + len = strlen(notice->z_class_inst) + 1; + if ((*user = (char *) malloc(len)) == NULL) return(ENOMEM); - strcpy(*user,notice->z_class_inst); + g_strlcpy(*user,notice->z_class_inst,len); } } return (ZERR_NONE); diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/zephyr/ZInit.c --- a/libpurple/protocols/zephyr/ZInit.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/zephyr/ZInit.c Thu Aug 11 14:44:44 2011 +0000 @@ -101,14 +101,14 @@ #ifdef ZEPHYR_USES_KERBEROS if (krealm) { - strcpy(__Zephyr_realm, krealm); + g_strlcpy(__Zephyr_realm, krealm, REALM_SZ); } else if ((krb_get_tf_fullname(TKT_FILE, d1, d2, __Zephyr_realm) != KSUCCESS) && ((krbval = krb_get_lrealm(__Zephyr_realm, 1)) != KSUCCESS)) { return (krbval); } #else - strcpy(__Zephyr_realm, "local-realm"); + g_strlcpy(__Zephyr_realm, "local-realm", 12); #endif __My_addr.s_addr = INADDR_NONE; diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/zephyr/ZRetSubs.c 
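Review bot: The bound in `g_strlcpy(__Zephyr_realm, "local-realm", 12);` is the length of the source literal plus one, not the size of the destination, so it gives `__Zephyr_realm` no protection and will silently truncate if the literal is ever changed. The destination size should be passed, as the Kerberos branch above does: `g_strlcpy(__Zephyr_realm, "local-realm", REALM_SZ);`, provided REALM_SZ (or whichever constant sizes the array) is defined in the non-Kerberos build. In the `krealm` branch the return value is ignored, so a realm longer than REALM_SZ - 1 is shortened without any error; comparing the result with REALM_SZ and returning a failure would make that visible. The declaration of `__Zephyr_realm` is outside the hunk.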
--- a/libpurple/protocols/zephyr/ZRetSubs.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/zephyr/ZRetSubs.c Thu Aug 11 14:44:44 2011 +0000 @@ -141,32 +141,37 @@ } for (ptr=retnotice.z_message,i = 0; i< __subscriptions_num; i++) { + size_t len; + + len = strlen(ptr) + 1; __subscriptions_list[i].zsub_class = (char *) - malloc((unsigned)strlen(ptr)+1); + malloc(len); if (!__subscriptions_list[i].zsub_class) { ZFreeNotice(&retnotice); return (ENOMEM); } - (void) strcpy(__subscriptions_list[i].zsub_class,ptr); - ptr += strlen(ptr)+1; + g_strlcpy(__subscriptions_list[i].zsub_class,ptr,len); + ptr += len; + len = strlen(ptr) + 1; __subscriptions_list[i].zsub_classinst = (char *) - malloc((unsigned)strlen(ptr)+1); + malloc(len); if (!__subscriptions_list[i].zsub_classinst) { ZFreeNotice(&retnotice); return (ENOMEM); } - (void) strcpy(__subscriptions_list[i].zsub_classinst,ptr); - ptr += strlen(ptr)+1; + g_strlcpy(__subscriptions_list[i].zsub_classinst,ptr,len); + ptr += len; ptr2 = ptr; if (!*ptr2) ptr2 = "*"; + len = strlen(ptr2) + 1; __subscriptions_list[i].zsub_recipient = (char *) - malloc((unsigned)strlen(ptr2)+1); + malloc(len); if (!__subscriptions_list[i].zsub_recipient) { ZFreeNotice(&retnotice); return (ENOMEM); } - (void) strcpy(__subscriptions_list[i].zsub_recipient,ptr2); + g_strlcpy(__subscriptions_list[i].zsub_recipient,ptr2,len); ptr += strlen(ptr)+1; } ZFreeNotice(&retnotice); diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/zephyr/Zinternal.c --- a/libpurple/protocols/zephyr/Zinternal.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/zephyr/Zinternal.c Thu Aug 11 14:44:44 2011 +0000 @@ -677,7 +677,7 @@ if (buffer_len < strlen(notice->z_version)+1) return (ZERR_HEADERLEN); - (void) strcpy(ptr, notice->z_version); + g_strlcpy(ptr, notice->z_version, buffer_len); ptr += strlen(ptr)+1; if (ZMakeAscii32(ptr, end-ptr, Z_NUMFIELDS + notice->z_num_other_fields) 
@@ -767,9 +767,9 @@ if (*ptr+len > end) return 1; if (field) - (void) strcpy(*ptr, field); + g_strlcpy(*ptr, field, len); else - **ptr = '\0'; + **ptr = '\0'; *ptr += len; return 0; diff -r c563769843b2 -r ac43f26c7f61 libpurple/protocols/zephyr/zephyr.c --- a/libpurple/protocols/zephyr/zephyr.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/protocols/zephyr/zephyr.c Thu Aug 11 14:44:44 2011 +0000 @@ -2235,7 +2235,7 @@ return NULL; } - strcpy(buf, tmp); + g_strlcpy(buf, tmp, sizeof(buf)); g_free(tmp); return buf; diff -r c563769843b2 -r ac43f26c7f61 libpurple/proxy.c --- a/libpurple/proxy.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/proxy.c Thu Aug 11 14:44:44 2011 +0000 @@ -981,7 +981,7 @@ hostname[sizeof(hostname) - 1] = '\0'; if (ret < 0 || hostname[0] == '\0') { purple_debug_warning("proxy", "gethostname() failed -- is your hostname set?"); - strcpy(hostname, "localhost"); + g_strlcpy(hostname, "localhost", sizeof(hostname)); } if (domain != NULL) @@ -1115,7 +1115,7 @@ hostname[sizeof(hostname) - 1] = '\0'; if (ret < 0 || hostname[0] == '\0') { purple_debug_warning("proxy", "gethostname() failed -- is your hostname set?"); - strcpy(hostname, "localhost"); + g_strlcpy(hostname, "localhost", sizeof(hostname)); } t1 = g_strdup_printf("%s:%s", diff -r c563769843b2 -r ac43f26c7f61 libpurple/win32/libc_interface.c --- a/libpurple/win32/libc_interface.c Thu Aug 11 08:28:31 2011 +0000 +++ b/libpurple/win32/libc_interface.c Thu Aug 11 14:44:44 2011 +0000 @@ -982,7 +982,7 @@ if (strcmp(tzname, zonename) == 0) { /* Matched zone */ - strcpy(localtzname, keyname); + g_strlcpy(localtzname, keyname, sizeof(localtzname)); RegCloseKey(key); break; } @@ -997,7 +997,7 @@ if (strcmp(tzname, zonename) == 0) { /* Matched DST zone */ - strcpy(localtzname, keyname); + g_strlcpy(localtzname, keyname, sizeof(localtzname)); RegCloseKey(key); break; }
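Review bot: The bounds test `if (*ptr+len > end)` in the Zinternal.c `@@ -767` hunk forms a pointer that may lie past the buffer before comparing it, which is undefined behaviour and can wrap for a large `len`. The guard that the new `g_strlcpy(*ptr, field, len)` relies on is therefore weaker than it looks. Comparing lengths avoids this: `if (len > (size_t)(end - *ptr)) return 1;`. `len` is computed above the hunk, so its type and derivation should be confirmed before applying the cast.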
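Review bot: The result of `g_strlcpy(localtzname, keyname, sizeof(localtzname))` is discarded in both libc_interface.c hunks (`@@ -982` and `@@ -997`), so a registry key name longer than the buffer would be stored truncated and presumably used later as the zone name. Checking `if (g_strlcpy(localtzname, keyname, sizeof(localtzname)) >= sizeof(localtzname))` and skipping that entry keeps a clipped name from being used. `sizeof(localtzname)` is only the buffer size if `localtzname` is an array in this scope; its declaration, like that of `keyname`, is outside the hunks.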