Use strlcpy instead of strcpy in many places

ticket: 6200
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970

13 files changed, 36 insertions, 26 deletions

diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index 4aa3b242b..b3272815f 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -761,7 +761,7 @@ static int confirm_death ()
     if (!confirm) return (1);	/* no confirm, just die */
     
     if (gethostname (hostname, sizeof(hostname)-1) != 0)
-      strcpy (hostname, "???");
+      strlcpy (hostname, "???", sizeof(hostname));
     else
       hostname[sizeof(hostname)-1] = '\0';
     
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 2fe4c0410..e42da1449 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1383,7 +1383,7 @@ recvauth(valid_checksum)
     }
 
 #ifdef KRB5_KRB4_COMPAT
-    strcpy(v4_instance, "*");
+    strlcpy(v4_instance, "*", sizeof(v4_instance));
 #endif
 
     if ((status = krb5_auth_con_init(bsd_context, &auth_context)))
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index e780216fa..0c2c82eab 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1829,7 +1829,7 @@ recvauth(netfd, peersin, valid_checksum)
 #endif
 
 #ifdef KRB5_KRB4_COMPAT
-    strcpy(v4_instance, "*");
+    strlcpy(v4_instance, "*", sizeof(v4_instance));
 #endif
 
     status = krb5_auth_con_init(bsd_context, &auth_context);
@@ -1908,7 +1908,7 @@ recvauth(netfd, peersin, valid_checksum)
          * Assume it to be the same as the first component of the
 	 * principal's name. 
          */
-	strcpy(remuser, v4_kdata->pname);
+	strlcpy(remuser, v4_kdata->pname, sizeof(remuser));
 
 	status = krb5_425_conv_principal(bsd_context, v4_kdata->pname,
 					 v4_kdata->pinst, v4_kdata->prealm,
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index f54511e48..a0348c273 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -2258,7 +2258,7 @@ int do_krb_login(host, strict)
     kdata = (AUTH_DAT *)malloc( sizeof(AUTH_DAT) );
     ticket = (KTEXT) malloc(sizeof(KTEXT_ST));
 
-    (void) strcpy(instance, "*");
+    (void) strlcpy(instance, "*", sizeof(instance));
     if ((rc=krb_recvauth(authoptions, 0, ticket, "rcmd",
 			 instance, &sin,
 			 (struct sockaddr_in *)0,
diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c
index 3cb7b3f97..6baadf891 100644
--- a/src/appl/bsd/v4rcp.c
+++ b/src/appl/bsd/v4rcp.c
@@ -1071,7 +1071,7 @@ answer_auth()
 	}
 
 #endif
-	strcpy(instance, "*");
+	strlcpy(instance, "*", sizeof(instance));
 
 	/* If rshd was invoked with the -s argument, it will set the
            environment variable KRB_SRVTAB.  We use that to get the
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 2f7c8310a..ac7a8039f 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -184,7 +184,7 @@ void setpeer(argc, argv)
 		form = FORM_N;
 		mode = MODE_S;
 		stru = STRU_F;
-		(void) strcpy(bytename, "8"), bytesize = 8;
+		(void) strlcpy(bytename, "8", sizeof(bytename)), bytesize = 8;
 		if (autoauth) {
 			if (do_auth() && autoencrypt) {
  				clevel = PROT_P;
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 227ca5efc..1e4a0dcb4 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -124,6 +124,8 @@ int gettimeofday(struct timeval *tv, void *tz);
 #define L_INCR 1
 #endif
 
+#include <k5-platform.h>
+
 #ifdef KRB5_KRB4_COMPAT
 #include <krb.h>
 
@@ -411,7 +413,7 @@ int login(char *host)
 		return(1);
 	for (n = 0; n < macnum; ++n) {
 		if (!strcmp("init", macros[n].mac_name)) {
-			(void) strcpy(line, "$init");
+			(void) strlcpy(line, "$init", sizeof(line));
 			makeargv();
 			domacro(margc, margv);
 			break;
diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c
index 6134798ef..2b7839205 100644
--- a/src/appl/gssftp/ftp/glob.c
+++ b/src/appl/gssftp/ftp/glob.c
@@ -772,10 +772,12 @@ static int gethdir(mhome)
 	char *mhome;
 {
 	register struct passwd *pp = getpwnam(mhome);
+	size_t bufsize = lastgpathp - mhome;
 
-	if (!pp || ((mhome + strlen(pp->pw_dir)) >= lastgpathp))
+	if (!pp)
+		return (1);
+	if (strlcpy(mhome, pp->pw_dir, bufsize) >= bufsize)
 		return (1);
-	(void) strcpy(mhome, pp->pw_dir);
 	return (0);
 }
 #endif
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 4405e9b17..30fe19a81 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -1403,7 +1403,7 @@ dataconn(name, size, fmode)
 		/* cast size to long in case sizeof(off_t) > sizeof(long) */
 		(void) sprintf (sizebuf, " (%ld bytes)", (long)size);
 	else
-		(void) strcpy(sizebuf, "");
+		sizebuf[0] = '\0';
 	if (pdata >= 0) {
 		int s, fromlen = sizeof(data_dest);
 
@@ -1748,9 +1748,9 @@ statcmd()
 	    strunames[stru], modenames[mode]);
 	reply(0, "%s", str);
 	if (data != -1)
-		strcpy(str, "     Data connection open");
+		strlcpy(str, "     Data connection open", sizeof(str));
 	else if (pdata != -1) {
-		strcpy(str, "     in Passive mode");
+		strlcpy(str, "     in Passive mode", sizeof(str));
 		sin4 = &pasv_addr;
 		goto printaddr;
 	} else if (usedefault == 0) {
@@ -1764,7 +1764,7 @@ printaddr:
 			 UC(p[1]));
 #undef UC
 	} else
-		strcpy(str, "     No data connection");
+		strlcpy(str, "     No data connection", sizeof(str));
 	reply(0, "%s", str);
 	reply(211, "End of status");
 }
@@ -2321,7 +2321,7 @@ char *adata;
 			return(0);
 		}
 		(void) memcpy((char *)ticket.dat, (char *)out_buf, ticket.length = length);
-		strcpy(instance, "*");
+		strlcpy(instance, "*", sizeof(instance));
 
 		kerror = 255;
 		for (service = krb4_services; *service; service++) {
diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c
index 610a471e6..995b22770 100644
--- a/src/appl/libpty/getpty.c
+++ b/src/appl/libpty/getpty.c
@@ -23,6 +23,7 @@
 #include "com_err.h"
 #include "libpty.h"
 #include "pty-int.h"
+#include "k5-platform.h"
 
 long
 ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
@@ -59,12 +60,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
 	*fd = -1;
 	return PTY_GETPTY_NOPTY;
     }
-    if (strlen(slaveret) > slavelength - 1) {
+    if (strlcpy(slave, slaveret, slavelength) >= slavelength) {
 	close(*fd);
 	*fd = -1;
 	return PTY_GETPTY_SLAVE_TOOLONG;
     }
-    else strcpy(slave, slaveret);
     return 0;
 #else /*HAVE__GETPTY*/
     
@@ -92,12 +92,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
 #endif
 #endif
 	if (p) {
-	    if (strlen(p) > slavelength - 1) {
+	    if (strlcpy(slave, p, slavelength) >= slavelength) {
 		    close (*fd);
 		    *fd = -1;
 		    return PTY_GETPTY_SLAVE_TOOLONG;
 	    }
-	    strcpy(slave, p);
 	    return 0;
 	}
 
diff --git a/src/appl/libpty/update_utmp.c b/src/appl/libpty/update_utmp.c
index 8f3d6a66c..292a1675b 100644
--- a/src/appl/libpty/update_utmp.c
+++ b/src/appl/libpty/update_utmp.c
@@ -319,6 +319,7 @@
 #include "com_err.h"
 #include "libpty.h"
 #include "pty-int.h"
+#include "k5-platform.h"
 
 #if !defined(UTMP_FILE) && defined(_PATH_UTMP)
 #define UTMP_FILE _PATH_UTMP
@@ -547,7 +548,7 @@ pty_update_utmp(int process_type, int pid, const char *username,
      * pain, and would eit cross-compiling.
      */
 #ifdef __hpux
-    strcpy(utmp_id, cp);
+    strlcpy(utmp_id, cp, sizeof(utmp_id));
 #else
     if (len > 2 && *(cp - 1) != '/')
 	snprintf(utmp_id, sizeof(utmp_id), "k%s", cp - 1);
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index aec975670..06c6e9847 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -452,7 +452,8 @@ kerberos5_is(ap, data, cnt)
 		 * the default is of length 4.
 		 */
 		if (krb5_princ_size(telnet_context,ticket->server) < 1) {
-		    (void) strcpy(errbuf, "malformed service name");
+		    (void) strlcpy(errbuf, "malformed service name",
+				   sizeof(errbuf));
 		    goto errout;
 		}
 		if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
@@ -472,7 +473,8 @@ kerberos5_is(ap, data, cnt)
 			goto errout;
 		    }
 		} else {
-		    (void) strcpy(errbuf, "service name too long");
+		    (void) strlcpy(errbuf, "service name too long",
+				   sizeof(errbuf));
 		    goto errout;
 		}
 
@@ -487,8 +489,9 @@ kerberos5_is(ap, data, cnt)
 		}
 		if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON &&
 		    !authenticator->checksum) {
-			(void) strcpy(errbuf,
-				"authenticator is missing required checksum");
+			(void) strlcpy(errbuf,
+				"authenticator is missing required checksum",
+				       sizeof(errbuf));
 			goto errout;
 		}
 		if (authenticator->checksum) {
diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c
index 57106de7f..92418dbed 100644
--- a/src/appl/telnet/telnet/commands.c
+++ b/src/appl/telnet/telnet/commands.c
@@ -117,6 +117,8 @@ static	unsigned long sourceroute(char *, char **, int *);
 
 #include "fake-addrinfo.h"
 
+#include <k5-platform.h>
+
 char	*hostname;
 static char _hostname[MAXDNAME];
 static char hostaddrstring[NI_MAXHOST];
@@ -2431,7 +2433,7 @@ tn(argc, argv)
 	return 0;
     }
     if (argc < 2) {
-	(void) strcpy(line, "open ");
+	(void) strlcpy(line, "open ", sizeof(line));
 	printf("(to) ");
 	(void) fgets(&line[strlen(line)], (int) (sizeof(line) - strlen(line)),
 		     stdin);
@@ -2580,7 +2582,8 @@ tn(argc, argv)
 	if (error) {
 	    fprintf (stderr, "getnameinfo() error printing address: %s\n",
 		     gai_strerror (error));
-	    strcpy (hostaddrstring, "[address unprintable]");
+	    strlcpy (hostaddrstring, "[address unprintable]",
+		     sizeof(hostaddrstring));
 	}
 	printf("Trying %s...\r\n", hostaddrstring);
 #if	defined(IP_OPTIONS) && defined(IPPROTO_IP)