diff options
| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2004-01-08 20:58:33 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2004-01-08 20:58:33 +0000 |
| commit | 506bfed29a2a94e099faac8f3d75b72bfe4edd45 (patch) | |
| tree | 79716f045721a3efd3ebf9025404583126a948b4 /include | |
| parent | ec24086762601498657a4675c55c4a899a501617 (diff) | |
- replace strncpy() with secure strscpy() where possible (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@1148 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'include')
| -rw-r--r-- | include/cfg.c | 6 | ||||
| -rw-r--r-- | include/common.h | 3 | ||||
| -rw-r--r-- | include/db.c | 60 | ||||
| -rw-r--r-- | include/db.h | 4 | ||||
| -rw-r--r-- | include/expression.c | 70 | ||||
| -rw-r--r-- | include/functions.c | 98 | ||||
| -rw-r--r-- | include/log.c | 12 | ||||
| -rw-r--r-- | include/security.c | 4 |
8 files changed, 130 insertions, 127 deletions
diff --git a/include/cfg.c b/include/cfg.c index b69d5592..bb87b46d 100644 --- a/include/cfg.c +++ b/include/cfg.c @@ -46,8 +46,8 @@ int parse_cfg_file(char *cfg_file,struct cfg_line *cfg) { FILE *file; - char line[MAX_STRING_LEN+1]; - char parameter[MAX_STRING_LEN+1]; + char line[MAX_STRING_LEN]; + char parameter[MAX_STRING_LEN]; char *value; int lineno; int i,var; @@ -71,7 +71,7 @@ int parse_cfg_file(char *cfg_file,struct cfg_line *cfg) if(line[0]=='#') continue; if(strlen(line)==1) continue; - strncpy(parameter,line,MAX_STRING_LEN); + strscpy(parameter,line); value=strstr(line,"="); diff --git a/include/common.h b/include/common.h index 9fc95ab3..ea50faf4 100644 --- a/include/common.h +++ b/include/common.h @@ -129,4 +129,7 @@ #define TRAPPER_TIMEOUT 5 #define SNMPTRAPPER_TIMEOUT 5 +/* Secure string copy */ +#define strscpy(x,y) { strncpy(x,y,sizeof(x)); x[sizeof(x)-1]=0; } + #endif diff --git a/include/db.c b/include/db.c index 11ffcb6b..720c05d3 100644 --- a/include/db.c +++ b/include/db.c @@ -294,7 +294,7 @@ int DBget_function_result(double *result,char *functionid) DB_RESULT *dbresult; int res = SUCCEED; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; /* 0 is added to distinguish between lastvalue==NULL and empty result */ sprintf( sql, "select 0,lastvalue from functions where functionid=%s", functionid ); @@ -322,7 +322,7 @@ int DBget_function_result(double *result,char *functionid) /* SUCCEED if latest alarm with triggerid has this status */ int DBget_prev_trigger_value(int triggerid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int clock; int value; @@ -376,7 +376,7 @@ int DBget_prev_trigger_value(int triggerid) /* Rewrite required to simplify logic ?*/ int latest_alarm(int triggerid, int status) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int clock; DB_RESULT *result; int ret = FAIL; @@ -419,7 +419,7 @@ int latest_alarm(int triggerid, int status) /* Rewrite required to simplify logic ?*/ int latest_service_alarm(int serviceid, int status) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int clock; DB_RESULT *result; int ret = FAIL; @@ -460,7 +460,7 @@ int latest_service_alarm(int serviceid, int status) int add_alarm(int triggerid,int status,int clock) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In add_alarm()"); @@ -480,7 +480,7 @@ int add_alarm(int triggerid,int status,int clock) int DBadd_service_alarm(int serviceid,int status,int clock) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In add_service_alarm()"); @@ -506,7 +506,7 @@ void update_problems(int triggerid, int value, int clock) int DBupdate_trigger_value(int triggerid,int value,int clock) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In update_trigger_value()"); add_alarm(triggerid,value,clock); @@ -531,7 +531,7 @@ int DBupdate_trigger_value(int triggerid,int value,int clock) void update_triggers_status_to_unknown(int hostid,int clock) { int i; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int triggerid; DB_RESULT *result; @@ -556,7 +556,7 @@ void update_triggers_status_to_unknown(int hostid,int clock) void DBdelete_service(int serviceid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; sprintf(sql,"delete from services_links where servicedownid=%d or serviceupid=%d", serviceid, serviceid); DBexecute(sql); @@ -567,7 +567,7 @@ void DBdelete_service(int serviceid) void DBdelete_services_by_triggerid(int triggerid) { int i, serviceid; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBdelete_services_by_triggerid(%d)", triggerid); @@ -586,7 +586,7 @@ void DBdelete_services_by_triggerid(int triggerid) void DBdelete_trigger(int triggerid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; sprintf(sql,"delete from trigger_depends where triggerid_down=%d or triggerid_up=%d", triggerid, triggerid); DBexecute(sql); @@ -608,7 +608,7 @@ void DBdelete_trigger(int triggerid) void DBdelete_triggers_by_itemid(int itemid) { int i, triggerid; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBdelete_triggers_by_itemid(%d)", itemid); @@ -630,7 +630,7 @@ void DBdelete_triggers_by_itemid(int itemid) void DBdelete_trends_by_itemid(int itemid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; sprintf(sql,"delete from trends where itemid=%d", itemid); DBexecute(sql); @@ -638,7 +638,7 @@ void DBdelete_trends_by_itemid(int itemid) void DBdelete_history_by_itemid(int itemid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; sprintf(sql,"delete from history where itemid=%d", itemid); DBexecute(sql); @@ -648,7 +648,7 @@ void DBdelete_history_by_itemid(int itemid) void DBdelete_item(int itemid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In DBdelete_item(%d)", itemid); @@ -665,7 +665,7 @@ void DBdelete_item(int itemid) void DBdelete_host(int hostid) { int i, itemid; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBdelete_host(%d)", hostid); @@ -691,7 +691,7 @@ void DBdelete_host(int hostid) void DBupdate_triggers_status_after_restart(void) { int i; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int triggerid, lastchange; int now; @@ -735,7 +735,7 @@ void DBupdate_triggers_status_after_restart(void) void DBupdate_host_status(int hostid,int status,int clock) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int disable_until; zabbix_log(LOG_LEVEL_DEBUG,"In update_host_status()"); @@ -808,7 +808,7 @@ void DBupdate_host_status(int hostid,int status,int clock) int DBupdate_item_status_to_notsupported(int itemid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In DBupdate_item_status_to_notsupported()"); @@ -822,7 +822,7 @@ int DBupdate_item_status_to_notsupported(int itemid) int DBadd_trend(int itemid, double value, int clock) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int hour; int num; double value_min, value_avg, value_max; @@ -860,7 +860,7 @@ int DBadd_trend(int itemid, double value, int clock) int DBadd_history(int itemid, double value, int clock) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In add_history()"); @@ -874,7 +874,7 @@ int DBadd_history(int itemid, double value, int clock) int DBadd_history_str(int itemid, char *value, int clock) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In add_history_str()"); @@ -887,7 +887,7 @@ int DBadd_history_str(int itemid, char *value, int clock) int DBget_items_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBget_items_count()"); @@ -913,7 +913,7 @@ int DBget_items_count(void) int DBget_triggers_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBget_triggers_count()"); @@ -939,7 +939,7 @@ int DBget_triggers_count(void) int DBget_items_unsupported_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBget_items_unsupported_count()"); @@ -965,7 +965,7 @@ int DBget_items_unsupported_count(void) int DBget_history_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBget_history_count()"); @@ -991,7 +991,7 @@ int DBget_history_count(void) int DBget_trends_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; zabbix_log(LOG_LEVEL_DEBUG,"In DBget_trends_count()"); @@ -1017,7 +1017,7 @@ int DBget_trends_count(void) int DBget_queue_count(void) { int res; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; int now; @@ -1045,7 +1045,7 @@ int DBget_queue_count(void) int DBadd_alert(int actionid, int mediatypeid, char *sendto, char *subject, char *message) { int now; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; zabbix_log(LOG_LEVEL_DEBUG,"In add_alert()"); @@ -1068,7 +1068,7 @@ void DBvacuum(void) "stats", NULL}; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; char *table; int i; #ifdef HAVE_FUNCTION_SETPROCTITLE diff --git a/include/db.h b/include/db.h index d9e1a297..c9142c89 100644 --- a/include/db.h +++ b/include/db.h @@ -157,8 +157,8 @@ DB_ACTION int delay; int lastcheck; int recipient; - char subject[MAX_STRING_LEN+1]; - char message[MAX_STRING_LEN+1]; + char subject[MAX_STRING_LEN]; + char message[MAX_STRING_LEN]; }; DB_ALERT diff --git a/include/expression.c b/include/expression.c index 06f932da..1f3e80dc 100644 --- a/include/expression.c +++ b/include/expression.c @@ -149,7 +149,7 @@ int find_char(char *str,char c) int evaluate_simple (double *result,char *exp) { double value1,value2; - char first[MAX_STRING_LEN+1],second[MAX_STRING_LEN+1]; + char first[MAX_STRING_LEN],second[MAX_STRING_LEN]; int i,j,l; zabbix_log( LOG_LEVEL_DEBUG, "Evaluating simple expression [%s]", exp ); @@ -166,7 +166,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log( LOG_LEVEL_DEBUG, "| is found" ); l=find_char(exp,'|'); - strncpy( first, exp, MAX_STRING_LEN ); + strscpy( first, exp ); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -203,7 +203,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "& is found" ); l=find_char(exp,'&'); - strncpy( first, exp, MAX_STRING_LEN ); + strscpy( first, exp ); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -238,7 +238,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "> is found" ); l=find_char(exp,'>'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -272,7 +272,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "< is found" ); l=find_char(exp,'<'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -308,7 +308,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "* is found" ); l=find_char(exp,'*'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -335,7 +335,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "/ is found" ); l=find_char(exp,'/'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -370,7 +370,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "+ is found" ); l=find_char(exp,'+'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -397,7 +397,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "- is found" ); l=find_char(exp,'-'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -424,7 +424,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "= is found" ); l=find_char(exp,'='); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -458,7 +458,7 @@ int evaluate_simple (double *result,char *exp) { zabbix_log(LOG_LEVEL_DEBUG, "# is found" ); l=find_char(exp,'#'); - strncpy(first, exp, MAX_STRING_LEN); + strscpy(first, exp); first[l]=0; j=0; /* for(i=l+1;i<(int)strlen(exp);i++)*/ @@ -502,13 +502,13 @@ int evaluate_simple (double *result,char *exp) int evaluate(int *result,char *exp) { double value; - char res[MAX_STRING_LEN+1]; - char simple[MAX_STRING_LEN+1]; + char res[MAX_STRING_LEN]; + char simple[MAX_STRING_LEN]; int i,l,r; zabbix_log(LOG_LEVEL_DEBUG, "In evaluate([%s])",exp); - strncpy( res,exp,MAX_STRING_LEN ); + strscpy( res,exp ); while( find_char( exp, ')' ) != FAIL ) { @@ -552,7 +552,7 @@ int evaluate(int *result,char *exp) for(i=l+3;i<=r;i++) exp[i]=' '; sprintf(res,exp,value); - strncpy(exp,res, MAX_STRING_LEN); + strcpy(exp,res); delete_spaces(res); zabbix_log(LOG_LEVEL_DEBUG, "Expression4:[%s]", res ); } @@ -572,9 +572,9 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) { int found = SUCCEED; char *s; - char sql[MAX_STRING_LEN+1]; - char str[MAX_STRING_LEN+1]; - char tmp[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; + char str[MAX_STRING_LEN]; + char tmp[MAX_STRING_LEN]; time_t now; struct tm *tm; @@ -585,7 +585,7 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) while (found == SUCCEED) { - strncpy(str, exp, MAX_STRING_LEN); + strscpy(str, exp); if( (s = strstr(str,"{HOSTNAME}")) != NULL ) @@ -596,18 +596,18 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) if(DBnum_rows(result) == 0) { zabbix_log( LOG_LEVEL_ERR, "No hostname in substitute_simple_macros. Triggerid [%d]", trigger->triggerid); - strncpy(tmp, "*UNKNOWN*", MAX_STRING_LEN); + strscpy(tmp, "*UNKNOWN*"); DBfree_result(result); } else { - strncpy(tmp,DBget_field(result,0,1), MAX_STRING_LEN); + strscpy(tmp,DBget_field(result,0,1)); DBfree_result(result); } s[0]=0; - strncpy(exp, str, MAX_STRING_LEN); + strcpy(exp, str); strncat(exp, tmp, MAX_STRING_LEN); strncat(exp, s+strlen("{HOSTNAME}"), MAX_STRING_LEN); @@ -620,7 +620,7 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) sprintf(tmp,"%.4d.%.2d.%.2d",tm->tm_year+1900,tm->tm_mon+1,tm->tm_mday); s[0]=0; - strncpy(exp, str, MAX_STRING_LEN); + strcpy(exp, str); strncat(exp, tmp, MAX_STRING_LEN); strncat(exp, s+strlen("{DATE}"), MAX_STRING_LEN); @@ -633,7 +633,7 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) sprintf(tmp,"%.2d:%.2d:%.2d",tm->tm_hour,tm->tm_min,tm->tm_sec); s[0]=0; - strncpy(exp, str, MAX_STRING_LEN); + strcpy(exp, str); strncat(exp, tmp, MAX_STRING_LEN); strncat(exp, s+strlen("{TIME}"), MAX_STRING_LEN); @@ -653,13 +653,13 @@ void substitute_simple_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) */ int substitute_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) { - char res[MAX_STRING_LEN+1]; - char macro[MAX_STRING_LEN+1]; - char host[MAX_STRING_LEN+1]; - char key[MAX_STRING_LEN+1]; - char function[MAX_STRING_LEN+1]; - char parameter[MAX_STRING_LEN+1]; - static char value[MAX_STRING_LEN+1]; + char res[MAX_STRING_LEN]; + char macro[MAX_STRING_LEN]; + char host[MAX_STRING_LEN]; + char key[MAX_STRING_LEN]; + char function[MAX_STRING_LEN]; + char parameter[MAX_STRING_LEN]; + static char value[MAX_STRING_LEN]; int i; int r,l; int r1,l1; @@ -753,7 +753,7 @@ int substitute_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) zabbix_log( LOG_LEVEL_DEBUG, "Value5 [%s]", exp ); sprintf(res,exp,value); - strncpy(exp,res, MAX_STRING_LEN); + strcpy(exp,res); /* delete_spaces(exp); */ zabbix_log( LOG_LEVEL_DEBUG, "Expression4:[%s]", exp ); } @@ -769,8 +769,8 @@ int substitute_macros(DB_TRIGGER *trigger, DB_ACTION *action, char *exp) int substitute_functions(char *exp) { double value; - char functionid[MAX_STRING_LEN+1]; - char res[MAX_STRING_LEN+1]; + char functionid[MAX_STRING_LEN]; + char res[MAX_STRING_LEN]; int i,l,r; zabbix_log(LOG_LEVEL_DEBUG, "BEGIN substitute_functions (%s)", exp); @@ -820,7 +820,7 @@ int substitute_functions(char *exp) zabbix_log( LOG_LEVEL_DEBUG, "Expression3:[%s]", exp ); sprintf(res,exp,value); - strncpy(exp,res, MAX_STRING_LEN); + strcpy(exp,res); delete_spaces(exp); zabbix_log( LOG_LEVEL_DEBUG, "Expression4:[%s]", exp ); } diff --git a/include/functions.c b/include/functions.c index 48498e43..67e4680b 100644 --- a/include/functions.c +++ b/include/functions.c @@ -50,7 +50,7 @@ int evaluate_COUNT(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -71,7 +71,7 @@ int evaluate_COUNT(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -85,7 +85,7 @@ int evaluate_SUM(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -106,7 +106,7 @@ int evaluate_SUM(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -120,7 +120,7 @@ int evaluate_AVG(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -141,7 +141,7 @@ int evaluate_AVG(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -155,7 +155,7 @@ int evaluate_MIN(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -176,7 +176,7 @@ int evaluate_MIN(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -190,7 +190,7 @@ int evaluate_MAX(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -211,7 +211,7 @@ int evaluate_MAX(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -225,7 +225,7 @@ int evaluate_DELTA(char *value,DB_ITEM *item,int parameter) { DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int now; int res = SUCCEED; @@ -246,7 +246,7 @@ int evaluate_DELTA(char *value,DB_ITEM *item,int parameter) } else { - strncpy(value,DBget_field(result,0,0),MAX_STRING_LEN); + strcpy(value,DBget_field(result,0,0)); } DBfree_result(result); @@ -281,9 +281,9 @@ int evaluate_FUNCTION(char *value,DB_ITEM *item,char *function,char *parameter) else { /* *value=strdup(item->lastvalue_str);*/ - zabbix_log( LOG_LEVEL_DEBUG, "In evaluate_FUNCTION() 3 [%s] [%s]",value,item->lastvalue_str); - strncpy(value,item->lastvalue_str,MAX_STRING_LEN); - zabbix_log( LOG_LEVEL_DEBUG, "In evaluate_FUNCTION() 4"); + zabbix_log( LOG_LEVEL_DEBUG, "In evaluate_FUNCTION() 3 [%s] [%s]",value,item->lastvalue_str); + strcpy(value,item->lastvalue_str); + zabbix_log( LOG_LEVEL_DEBUG, "In evaluate_FUNCTION() 4"); } } } @@ -301,7 +301,7 @@ int evaluate_FUNCTION(char *value,DB_ITEM *item,char *function,char *parameter) } else { - strncpy(value,item->prevvalue_str,MAX_STRING_LEN); + strcpy(value,item->prevvalue_str); } } } @@ -467,8 +467,8 @@ void update_functions(DB_ITEM *item) { DB_FUNCTION function; DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; - char value[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; + char value[MAX_STRING_LEN]; int ret=SUCCEED; int i; @@ -512,7 +512,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c { int s; int i,e; - char c[MAX_STRING_LEN+1]; + char c[MAX_STRING_LEN]; struct hostent *hp; struct sockaddr_in myaddr_in; @@ -568,7 +568,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c } zabbix_log( LOG_LEVEL_DEBUG, "SENDING MAIL5"); - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -588,7 +588,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c if(strlen(smtp_helo) != 0) { - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); sprintf(c,"HELO %s\r\n",smtp_helo); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ e=write(s,c,strlen(c)); @@ -600,7 +600,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -619,7 +619,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c } } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* sprintf(c,"MAIL FROM: %s\r\n",smtp_email);*/ sprintf(c,"MAIL FROM: <%s>\r\n",smtp_email); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ @@ -632,7 +632,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -650,7 +650,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); sprintf(c,"RCPT TO: <%s>\r\n",mailto); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ e=write(s,c,strlen(c)); @@ -661,7 +661,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c close(s); return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -680,7 +680,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); sprintf(c,"DATA\r\n"); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ e=write(s,c,strlen(c)); @@ -691,7 +691,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c close(s); return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -709,7 +709,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* sprintf(c,"Subject: %s\r\n%s",mailsubject, mailbody);*/ sprintf(c,"From:<%s>\r\nTo:<%s>\r\nSubject: %s\r\n\r\n%s",smtp_email,mailto,mailsubject, mailbody); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ @@ -721,7 +721,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); sprintf(c,"\r\n.\r\n"); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ e=write(s,c,strlen(c)); @@ -732,7 +732,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c close(s); return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); /* i=sizeof(struct sockaddr_in); i=recvfrom(s,c,MAX_STRING_LEN,0,(struct sockaddr *)&servaddr_in,&i);*/ i=read(s,c,MAX_STRING_LEN); @@ -750,7 +750,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c return FAIL; } - memset(c,0,MAX_STRING_LEN+1); + memset(c,0,MAX_STRING_LEN); sprintf(c,"QUIT\r\n"); /* e=sendto(s,c,strlen(c),0,(struct sockaddr *)&servaddr_in,sizeof(struct sockaddr_in)); */ e=write(s,c,strlen(c)); @@ -774,7 +774,7 @@ int send_email(char *smtp_server,char *smtp_helo,char *smtp_email,char *mailto,c void send_to_user_medias(DB_TRIGGER *trigger,DB_ACTION *action, int userid) { DB_MEDIA media; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; int i; @@ -806,7 +806,7 @@ void send_to_user_medias(DB_TRIGGER *trigger,DB_ACTION *action, int userid) */ void send_to_user(DB_TRIGGER *trigger,DB_ACTION *action) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; int i; @@ -872,7 +872,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) DB_ACTION action; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int i; int now; @@ -913,8 +913,8 @@ void apply_actions(DB_TRIGGER *trigger,int good) action.actionid=atoi(DBget_field(result,i,0)); action.userid=atoi(DBget_field(result,i,1)); action.delay=atoi(DBget_field(result,i,2)); - strncpy(action.subject,DBget_field(result,i,3),MAX_STRING_LEN); - strncpy(action.message,DBget_field(result,i,4),MAX_STRING_LEN); + strscpy(action.subject,DBget_field(result,i,3)); + strscpy(action.message,DBget_field(result,i,4)); action.scope=atoi(DBget_field(result,i,5)); action.severity=atoi(DBget_field(result,i,6)); action.recipient=atoi(DBget_field(result,i,7)); @@ -942,7 +942,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) continue; } DBfree_result(result2); - strncpy(action.subject,trigger->description,MAX_STRING_LEN); + strscpy(action.subject,trigger->description); if(1==good) { strncat(action.subject," (ON)", MAX_STRING_LEN); @@ -951,7 +951,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) { strncat(action.subject," (OFF)", MAX_STRING_LEN); } - strncpy(action.message,action.subject,MAX_STRING_LEN); + strscpy(action.message,action.subject); /* substitute_hostname(trigger->triggerid,action.message); substitute_hostname(trigger->triggerid,action.subject);*/ @@ -964,7 +964,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) continue; } /* -- */ - strncpy(action.subject,trigger->description,MAX_STRING_LEN); + strscpy(action.subject,trigger->description); if(1==good) { strncat(action.subject," (ON)", MAX_STRING_LEN); @@ -973,7 +973,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) { strncat(action.subject," (OFF)", MAX_STRING_LEN); } - strncpy(action.message,action.subject,MAX_STRING_LEN); + strscpy(action.message,action.subject); /* substitute_hostname(trigger->triggerid,action.message); substitute_hostname(trigger->triggerid,action.subject);*/ @@ -996,7 +996,7 @@ void apply_actions(DB_TRIGGER *trigger,int good) */ void update_serv(int serviceid) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int i; int status; int serviceupid, algorithm; @@ -1071,7 +1071,7 @@ void update_serv(int serviceid) void update_services(int triggerid, int status) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; int i; DB_RESULT *result; @@ -1097,8 +1097,8 @@ void update_services(int triggerid, int status) */ void update_triggers(int itemid) { - char sql[MAX_STRING_LEN+1]; - char exp[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; + char exp[MAX_STRING_LEN]; int b; int now; DB_TRIGGER trigger; @@ -1125,7 +1125,7 @@ void update_triggers(int itemid) trigger.value=atoi(DBget_field(result,i,5)); trigger.description=DBget_field(result,i,6); - strncpy(exp, trigger.expression, MAX_STRING_LEN); + strscpy(exp, trigger.expression); if( evaluate_expression(&b, exp) != 0 ) { zabbix_log( LOG_LEVEL_WARNING, "Expression [%s] cannot be evaluated.",trigger.expression); @@ -1200,7 +1200,7 @@ int get_lastvalue(char *value,char *host,char *key,char *function,char *paramete DB_ITEM item; DB_RESULT *result; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; char *s; int res; @@ -1256,7 +1256,7 @@ int get_lastvalue(char *value,char *host,char *key,char *function,char *paramete /* int process_data(char *server,char *key, double value)*/ int process_data(int sockfd,char *server,char *key,char *value) { - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; DB_RESULT *result; DB_ITEM item; @@ -1330,7 +1330,7 @@ int process_data(int sockfd,char *server,char *key,char *value) void process_new_value(DB_ITEM *item,char *value) { int now; - char sql[MAX_STRING_LEN+1]; + char sql[MAX_STRING_LEN]; double value_double; char *e; diff --git a/include/log.c b/include/log.c index 6ccde9c0..6fc12b6a 100644 --- a/include/log.c +++ b/include/log.c @@ -33,7 +33,7 @@ #include "common.h" static FILE *log_file = NULL; -static char log_filename[MAX_STRING_LEN+1]; +static char log_filename[MAX_STRING_LEN]; static int log_type = LOG_TYPE_UNDEFINED; static int log_level; @@ -62,7 +62,7 @@ int zabbix_open_log(int type,int level, const char *filename) return FAIL; } log_type = LOG_TYPE_FILE; - strncpy(log_filename,filename,MAX_STRING_LEN); + strscpy(log_filename,filename); fclose(log_file); } else @@ -81,14 +81,14 @@ void zabbix_set_log_level(int level) void zabbix_log(int level, const char *fmt, ...) { - char str[MAX_STRING_LEN+1]; - char str2[MAX_STRING_LEN+1]; + char str[MAX_STRING_LEN]; + char str2[MAX_STRING_LEN]; time_t t; struct tm *tm; va_list ap; struct stat buf; - char filename_old[MAX_STRING_LEN+1]; + char filename_old[MAX_STRING_LEN]; if( (level>log_level) || (level == LOG_LEVEL_EMPTY)) { @@ -129,7 +129,7 @@ void zabbix_log(int level, const char *fmt, ...) { if(buf.st_size>1024*1024) { - strncpy(filename_old,log_filename,MAX_STRING_LEN); + strscpy(filename_old,log_filename); strcat(filename_old,".old"); if(rename(log_filename,filename_old) != 0) { diff --git a/include/security.c b/include/security.c index eaf7b68e..0a0be6d8 100644 --- a/include/security.c +++ b/include/security.c @@ -37,7 +37,7 @@ int check_security(int sockfd, char *ip_list, int allow_if_empty) int i; char *s; - char tmp[MAX_STRING_LEN+1]; + char tmp[MAX_STRING_LEN]; zabbix_log( LOG_LEVEL_DEBUG, "In check_security()"); @@ -57,7 +57,7 @@ int check_security(int sockfd, char *ip_list, int allow_if_empty) zabbix_log( LOG_LEVEL_DEBUG, "Connection from [%s]. Allowed servers [%s] ",sname, ip_list); - strncpy(tmp,ip_list,MAX_STRING_LEN); + strscpy(tmp,ip_list); s=(char *)strtok(tmp,","); while(s!=NULL) { |