summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/appl/bsd/krlogin.c2
-rw-r--r--src/appl/bsd/krlogind.c2
-rw-r--r--src/appl/bsd/krshd.c4
-rw-r--r--src/appl/bsd/login.c2
-rw-r--r--src/appl/bsd/v4rcp.c2
-rw-r--r--src/appl/gssftp/ftp/cmds.c2
-rw-r--r--src/appl/gssftp/ftp/ftp.c4
-rw-r--r--src/appl/gssftp/ftp/glob.c6
-rw-r--r--src/appl/gssftp/ftpd/ftpd.c10
-rw-r--r--src/appl/libpty/getpty.c7
-rw-r--r--src/appl/libpty/update_utmp.c3
-rw-r--r--src/appl/telnet/libtelnet/kerberos5.c11
-rw-r--r--src/appl/telnet/telnet/commands.c7
-rw-r--r--src/kadmin/dbutil/dumpv4.c6
-rw-r--r--src/kadmin/server/ipropd_svc.c3
-rw-r--r--src/kadmin/server/schpw.c47
-rw-r--r--src/kdc/fakeka.c21
-rw-r--r--src/kdc/kdc_authdata.c2
-rw-r--r--src/kdc/kerberos_v4.c2
-rw-r--r--src/kdc/network.c12
-rw-r--r--src/lib/crypto/cksumtype_to_string.c5
-rw-r--r--src/lib/crypto/enctype_to_string.c5
-rw-r--r--src/lib/kadm5/clnt/Makefile.in4
-rw-r--r--src/lib/kadm5/srv/Makefile.in4
-rw-r--r--src/lib/kadm5/str_conv.c4
-rw-r--r--src/lib/kdb/kdb5.c4
-rw-r--r--src/lib/kdb/keytab.c3
-rw-r--r--src/lib/krb5/krb/conv_princ.c3
-rw-r--r--src/lib/krb5/krb/gic_pwd.c11
-rw-r--r--src/lib/krb5/krb/str_conv.c8
-rw-r--r--src/lib/krb5/os/an_to_ln.c9
-rw-r--r--src/lib/krb5/os/hst_realm.c3
-rw-r--r--src/lib/krb5/os/ktdefname.c12
-rw-r--r--src/lib/krb5/os/sendto_kdc.c4
-rw-r--r--src/plugins/kdb/db2/kdb_db2.c2
-rw-r--r--src/tests/resolve/Makefile.in2
-rw-r--r--src/tests/resolve/addrinfo-test.c7
-rw-r--r--src/util/et/error_message.c2
-rw-r--r--src/util/support/errors.c3
39 files changed, 132 insertions, 118 deletions
diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index 4aa3b242b..b3272815f 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -761,7 +761,7 @@ static int confirm_death ()
if (!confirm) return (1); /* no confirm, just die */
if (gethostname (hostname, sizeof(hostname)-1) != 0)
- strcpy (hostname, "???");
+ strlcpy (hostname, "???", sizeof(hostname));
else
hostname[sizeof(hostname)-1] = '\0';
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 2fe4c0410..e42da1449 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1383,7 +1383,7 @@ recvauth(valid_checksum)
}
#ifdef KRB5_KRB4_COMPAT
- strcpy(v4_instance, "*");
+ strlcpy(v4_instance, "*", sizeof(v4_instance));
#endif
if ((status = krb5_auth_con_init(bsd_context, &auth_context)))
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index e780216fa..0c2c82eab 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1829,7 +1829,7 @@ recvauth(netfd, peersin, valid_checksum)
#endif
#ifdef KRB5_KRB4_COMPAT
- strcpy(v4_instance, "*");
+ strlcpy(v4_instance, "*", sizeof(v4_instance));
#endif
status = krb5_auth_con_init(bsd_context, &auth_context);
@@ -1908,7 +1908,7 @@ recvauth(netfd, peersin, valid_checksum)
* Assume it to be the same as the first component of the
* principal's name.
*/
- strcpy(remuser, v4_kdata->pname);
+ strlcpy(remuser, v4_kdata->pname, sizeof(remuser));
status = krb5_425_conv_principal(bsd_context, v4_kdata->pname,
v4_kdata->pinst, v4_kdata->prealm,
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index f54511e48..a0348c273 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -2258,7 +2258,7 @@ int do_krb_login(host, strict)
kdata = (AUTH_DAT *)malloc( sizeof(AUTH_DAT) );
ticket = (KTEXT) malloc(sizeof(KTEXT_ST));
- (void) strcpy(instance, "*");
+ (void) strlcpy(instance, "*", sizeof(instance));
if ((rc=krb_recvauth(authoptions, 0, ticket, "rcmd",
instance, &sin,
(struct sockaddr_in *)0,
diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c
index 3cb7b3f97..6baadf891 100644
--- a/src/appl/bsd/v4rcp.c
+++ b/src/appl/bsd/v4rcp.c
@@ -1071,7 +1071,7 @@ answer_auth()
}
#endif
- strcpy(instance, "*");
+ strlcpy(instance, "*", sizeof(instance));
/* If rshd was invoked with the -s argument, it will set the
environment variable KRB_SRVTAB. We use that to get the
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 2f7c8310a..ac7a8039f 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -184,7 +184,7 @@ void setpeer(argc, argv)
form = FORM_N;
mode = MODE_S;
stru = STRU_F;
- (void) strcpy(bytename, "8"), bytesize = 8;
+ (void) strlcpy(bytename, "8", sizeof(bytename)), bytesize = 8;
if (autoauth) {
if (do_auth() && autoencrypt) {
clevel = PROT_P;
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 227ca5efc..1e4a0dcb4 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -124,6 +124,8 @@ int gettimeofday(struct timeval *tv, void *tz);
#define L_INCR 1
#endif
+#include <k5-platform.h>
+
#ifdef KRB5_KRB4_COMPAT
#include <krb.h>
@@ -411,7 +413,7 @@ int login(char *host)
return(1);
for (n = 0; n < macnum; ++n) {
if (!strcmp("init", macros[n].mac_name)) {
- (void) strcpy(line, "$init");
+ (void) strlcpy(line, "$init", sizeof(line));
makeargv();
domacro(margc, margv);
break;
diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c
index 6134798ef..2b7839205 100644
--- a/src/appl/gssftp/ftp/glob.c
+++ b/src/appl/gssftp/ftp/glob.c
@@ -772,10 +772,12 @@ static int gethdir(mhome)
char *mhome;
{
register struct passwd *pp = getpwnam(mhome);
+ size_t bufsize = lastgpathp - mhome;
- if (!pp || ((mhome + strlen(pp->pw_dir)) >= lastgpathp))
+ if (!pp)
+ return (1);
+ if (strlcpy(mhome, pp->pw_dir, bufsize) >= bufsize)
return (1);
- (void) strcpy(mhome, pp->pw_dir);
return (0);
}
#endif
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index 4405e9b17..30fe19a81 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -1403,7 +1403,7 @@ dataconn(name, size, fmode)
/* cast size to long in case sizeof(off_t) > sizeof(long) */
(void) sprintf (sizebuf, " (%ld bytes)", (long)size);
else
- (void) strcpy(sizebuf, "");
+ sizebuf[0] = '\0';
if (pdata >= 0) {
int s, fromlen = sizeof(data_dest);
@@ -1748,9 +1748,9 @@ statcmd()
strunames[stru], modenames[mode]);
reply(0, "%s", str);
if (data != -1)
- strcpy(str, " Data connection open");
+ strlcpy(str, " Data connection open", sizeof(str));
else if (pdata != -1) {
- strcpy(str, " in Passive mode");
+ strlcpy(str, " in Passive mode", sizeof(str));
sin4 = &pasv_addr;
goto printaddr;
} else if (usedefault == 0) {
@@ -1764,7 +1764,7 @@ printaddr:
UC(p[1]));
#undef UC
} else
- strcpy(str, " No data connection");
+ strlcpy(str, " No data connection", sizeof(str));
reply(0, "%s", str);
reply(211, "End of status");
}
@@ -2321,7 +2321,7 @@ char *adata;
return(0);
}
(void) memcpy((char *)ticket.dat, (char *)out_buf, ticket.length = length);
- strcpy(instance, "*");
+ strlcpy(instance, "*", sizeof(instance));
kerror = 255;
for (service = krb4_services; *service; service++) {
diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c
index 610a471e6..995b22770 100644
--- a/src/appl/libpty/getpty.c
+++ b/src/appl/libpty/getpty.c
@@ -23,6 +23,7 @@
#include "com_err.h"
#include "libpty.h"
#include "pty-int.h"
+#include "k5-platform.h"
long
ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
@@ -59,12 +60,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
*fd = -1;
return PTY_GETPTY_NOPTY;
}
- if (strlen(slaveret) > slavelength - 1) {
+ if (strlcpy(slave, slaveret, slavelength) >= slavelength) {
close(*fd);
*fd = -1;
return PTY_GETPTY_SLAVE_TOOLONG;
}
- else strcpy(slave, slaveret);
return 0;
#else /*HAVE__GETPTY*/
@@ -92,12 +92,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
#endif
#endif
if (p) {
- if (strlen(p) > slavelength - 1) {
+ if (strlcpy(slave, p, slavelength) >= slavelength) {
close (*fd);
*fd = -1;
return PTY_GETPTY_SLAVE_TOOLONG;
}
- strcpy(slave, p);
return 0;
}
diff --git a/src/appl/libpty/update_utmp.c b/src/appl/libpty/update_utmp.c
index 8f3d6a66c..292a1675b 100644
--- a/src/appl/libpty/update_utmp.c
+++ b/src/appl/libpty/update_utmp.c
@@ -319,6 +319,7 @@
#include "com_err.h"
#include "libpty.h"
#include "pty-int.h"
+#include "k5-platform.h"
#if !defined(UTMP_FILE) && defined(_PATH_UTMP)
#define UTMP_FILE _PATH_UTMP
@@ -547,7 +548,7 @@ pty_update_utmp(int process_type, int pid, const char *username,
* pain, and would eit cross-compiling.
*/
#ifdef __hpux
- strcpy(utmp_id, cp);
+ strlcpy(utmp_id, cp, sizeof(utmp_id));
#else
if (len > 2 && *(cp - 1) != '/')
snprintf(utmp_id, sizeof(utmp_id), "k%s", cp - 1);
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index aec975670..06c6e9847 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -452,7 +452,8 @@ kerberos5_is(ap, data, cnt)
* the default is of length 4.
*/
if (krb5_princ_size(telnet_context,ticket->server) < 1) {
- (void) strcpy(errbuf, "malformed service name");
+ (void) strlcpy(errbuf, "malformed service name",
+ sizeof(errbuf));
goto errout;
}
if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
@@ -472,7 +473,8 @@ kerberos5_is(ap, data, cnt)
goto errout;
}
} else {
- (void) strcpy(errbuf, "service name too long");
+ (void) strlcpy(errbuf, "service name too long",
+ sizeof(errbuf));
goto errout;
}
@@ -487,8 +489,9 @@ kerberos5_is(ap, data, cnt)
}
if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON &&
!authenticator->checksum) {
- (void) strcpy(errbuf,
- "authenticator is missing required checksum");
+ (void) strlcpy(errbuf,
+ "authenticator is missing required checksum",
+ sizeof(errbuf));
goto errout;
}
if (authenticator->checksum) {
diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c
index 57106de7f..92418dbed 100644
--- a/src/appl/telnet/telnet/commands.c
+++ b/src/appl/telnet/telnet/commands.c
@@ -117,6 +117,8 @@ static unsigned long sourceroute(char *, char **, int *);
#include "fake-addrinfo.h"
+#include <k5-platform.h>
+
char *hostname;
static char _hostname[MAXDNAME];
static char hostaddrstring[NI_MAXHOST];
@@ -2431,7 +2433,7 @@ tn(argc, argv)
return 0;
}
if (argc < 2) {
- (void) strcpy(line, "open ");
+ (void) strlcpy(line, "open ", sizeof(line));
printf("(to) ");
(void) fgets(&line[strlen(line)], (int) (sizeof(line) - strlen(line)),
stdin);
@@ -2580,7 +2582,8 @@ tn(argc, argv)
if (error) {
fprintf (stderr, "getnameinfo() error printing address: %s\n",
gai_strerror (error));
- strcpy (hostaddrstring, "[address unprintable]");
+ strlcpy (hostaddrstring, "[address unprintable]",
+ sizeof(hostaddrstring));
}
printf("Trying %s...\r\n", hostaddrstring);
#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
diff --git a/src/kadmin/dbutil/dumpv4.c b/src/kadmin/dbutil/dumpv4.c
index e6bd1f407..065206ab3 100644
--- a/src/kadmin/dbutil/dumpv4.c
+++ b/src/kadmin/dbutil/dumpv4.c
@@ -183,7 +183,7 @@ dump_v4_iterator(ptr, entry)
if (! principal->name[0])
return 0;
if (! principal->instance[0])
- strcpy(principal->instance, "*");
+ strlcpy(principal->instance, "*", sizeof(principal->instance));
/* Now move to mod princ */
if ((retval = krb5_dbe_lookup_mod_princ_data(util_context,entry,
@@ -202,9 +202,9 @@ dump_v4_iterator(ptr, entry)
}
if (! principal->mod_name[0])
- strcpy(principal->mod_name, "*");
+ strlcpy(principal->mod_name, "*", sizeof(principal->mod_name));
if (! principal->mod_instance[0])
- strcpy(principal->mod_instance, "*");
+ strlcpy(principal->mod_instance, "*", sizeof(principal->mod_instance));
/* OK deal with the key now. */
for (max_kvno = i = 0; i < entry->n_key_data; i++) {
diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c
index 673d2a9af..b834425b3 100644
--- a/src/kadmin/server/ipropd_svc.c
+++ b/src/kadmin/server/ipropd_svc.c
@@ -229,9 +229,8 @@ getclhoststr(char *clprinc, char *cl, int len)
/* XXX "!++s"? */
if (!++s)
return NULL;
- if (strlen(s) >= len)
+ if (strlcpy(cl, s, len) >= len)
return NULL;
- strcpy(cl, s);
/* XXX Copy with @REALM first, with bounds check, then
chop off the realm?? */
if ((s = strchr(cl, '@')) != NULL) {
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 76aa2ca85..e8a6896e7 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -58,7 +58,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
or the caller passed in garbage */
ret = KRB5KRB_AP_ERR_MODIFIED;
numresult = KRB5_KPASSWD_MALFORMED;
- strcpy(strresult, "Request was truncated");
+ strlcpy(strresult, "Request was truncated", sizeof(strresult));
goto chpwfail;
}
@@ -93,7 +93,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
if (ptr + ap_req.length >= req->data + req->length) {
ret = KRB5KRB_AP_ERR_MODIFIED;
numresult = KRB5_KPASSWD_MALFORMED;
- strcpy(strresult, "Request was truncated in AP-REQ");
+ strlcpy(strresult, "Request was truncated in AP-REQ",
+ sizeof(strresult));
goto chpwfail;
}
@@ -105,7 +106,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
ret = krb5_auth_con_init(context, &auth_context);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed initializing auth context");
+ strlcpy(strresult, "Failed initializing auth context",
+ sizeof(strresult));
goto chpwfail;
}
@@ -113,7 +115,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed initializing auth context");
+ strlcpy(strresult, "Failed initializing auth context",
+ sizeof(strresult));
goto chpwfail;
}
@@ -121,7 +124,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
"kadmin", "changepw", NULL);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed building kadmin/changepw principal");
+ strlcpy(strresult, "Failed building kadmin/changepw principal",
+ sizeof(strresult));
goto chpwfail;
}
@@ -130,7 +134,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
if (ret) {
numresult = KRB5_KPASSWD_AUTHERROR;
- strcpy(strresult, "Failed reading application request");
+ strlcpy(strresult, "Failed reading application request",
+ sizeof(strresult));
goto chpwfail;
}
@@ -141,7 +146,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
if (getsockname(s, &local_addr, &addrlen) < 0) {
ret = errno;
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed getting server internet address");
+ strlcpy(strresult, "Failed getting server internet address",
+ sizeof(strresult));
goto chpwfail;
}
@@ -173,7 +179,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
if (getpeername(s, &remote_addr, &addrlen) < 0) {
ret = errno;
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed getting client internet address");
+ strlcpy(strresult, "Failed getting client internet address",
+ sizeof(strresult));
goto chpwfail;
}
@@ -205,7 +212,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
&remote_kaddr);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed storing client internet address");
+ strlcpy(strresult, "Failed storing client internet address",
+ sizeof(strresult));
goto chpwfail;
}
@@ -213,7 +221,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
if (!(ticket->enc_part2->flags & TKT_FLG_INITIAL)) {
numresult = KRB5_KPASSWD_AUTHERROR;
- strcpy(strresult, "Ticket must be derived from a password");
+ strlcpy(strresult, "Ticket must be derived from a password",
+ sizeof(strresult));
goto chpwfail;
}
@@ -222,7 +231,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
ret = krb5_mk_rep(context, auth_context, &ap_rep);
if (ret) {
numresult = KRB5_KPASSWD_AUTHERROR;
- strcpy(strresult, "Failed replying to application request");
+ strlcpy(strresult, "Failed replying to application request",
+ sizeof(strresult));
goto chpwfail;
}
@@ -234,14 +244,15 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed decrypting request");
+ strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
goto chpwfail;
}
ret = krb5_unparse_name(context, ticket->enc_part2->client, &clientstr);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed unparsing client name for log");
+ strlcpy(strresult, "Failed unparsing client name for log",
+ sizeof(strresult));
goto chpwfail;
}
/* change the password */
@@ -282,7 +293,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
/* success! */
numresult = KRB5_KPASSWD_SUCCESS;
- strcpy(strresult, "");
+ strlcpy(strresult, "", sizeof(strresult));
chpwfail:
@@ -303,14 +314,16 @@ chpwfail:
NULL);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult,
- "Failed storing client and server internet addresses");
+ strlcpy(strresult,
+ "Failed storing client and server internet addresses",
+ sizeof(strresult));
} else {
ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
&replay);
if (ret) {
numresult = KRB5_KPASSWD_HARDERROR;
- strcpy(strresult, "Failed encrypting reply");
+ strlcpy(strresult, "Failed encrypting reply",
+ sizeof(strresult));
}
}
}
diff --git a/src/kdc/fakeka.c b/src/kdc/fakeka.c
index 21344596e..f861d48ed 100644
--- a/src/kdc/fakeka.c
+++ b/src/kdc/fakeka.c
@@ -51,6 +51,7 @@
#include <com_err.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/des.h>
+#include <k5-platform.h>
#ifndef LINT
static char rcsid[]=
@@ -778,14 +779,14 @@ packet_t req, reply;
* Initialize these so we don't crash trying to print them in
* case they don't get filled in.
*/
- strcpy(rname, "Unknown");
- strcpy(rinst, "Unknown");
- strcpy(sname, "Unknown");
- strcpy(sinst, "Unknown");
- strcpy(cname, "Unknown");
- strcpy(cinst, "Unknown");
- strcpy(cell, "Unknown");
- strcpy(realm, "Unknown");
+ strlcpy(rname, "Unknown", sizeof(rname));
+ strlcpy(rinst, "Unknown", sizeof(rinst));
+ strlcpy(sname, "Unknown", sizeof(sname));
+ strlcpy(sinst, "Unknown", sizeof(sinst));
+ strlcpy(cname, "Unknown", sizeof(cname));
+ strlcpy(cinst, "Unknown", sizeof(cinst));
+ strlcpy(cell, "Unknown", sizeof(cell));
+ strlcpy(realm, "Unknown", sizeof(realm));
p = req->base;
maxn = req->len;
@@ -797,7 +798,7 @@ packet_t req, reply;
GET_PSTR(cell);
if (!cell[0])
- strcpy(cell, localcell);
+ strlcpy(cell, localcell, sizeof(cell));
if (debug)
fprintf(stderr, "Cell is %s\n", cell);
@@ -963,7 +964,7 @@ packet_t req, reply;
(strcasecmp(cell, localcell) == 0)) {
char *c;
- strcpy(rinst, localcell);
+ strlcpy(rinst, localcell, sizeof(rinst));
for (c = rinst; *c != NULL; c++)
*c = (char) tolower( (int) *c);
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index a1acdfd1a..a8f9241ea 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -101,7 +101,7 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
free(a);
return ENOMEM;
}
- strcpy(p, "hello");
+ strlcpy(p, "hello", GREET_SIZE);
a->magic = KV5M_AUTHDATA;
a->ad_type = -42;
a->length = GREET_SIZE;
diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c
index b2bfa4b54..8ac015b7f 100644
--- a/src/kdc/kerberos_v4.c
+++ b/src/kdc/kerberos_v4.c
@@ -288,7 +288,7 @@ static char * v4_klog( int type, const char *format, ...)
case L_NTGT_INTK:
case L_TKT_REQ:
case L_APPL_REQ:
- strcpy(log_text, "PROCESS_V4:");
+ strlcpy(log_text, "PROCESS_V4:", sizeof(log_text));
vsnprintf(log_text+strlen(log_text),
sizeof(log_text) - strlen(log_text),
format, pvar);
diff --git a/src/kdc/network.c b/src/kdc/network.c
index 3bad9650c..615049964 100644
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -160,7 +160,7 @@ static const char *paddr (struct sockaddr *sa)
if (getnameinfo(sa, socklen(sa),
buf, sizeof(buf), portbuf, sizeof(portbuf),
NI_NUMERICHOST|NI_NUMERICSERV))
- strcpy(buf, "<unprintable>");
+ strlcpy(buf, "<unprintable>", sizeof(buf));
else {
unsigned int len = sizeof(buf) - strlen(buf);
char *p = buf + strlen(buf);
@@ -695,7 +695,7 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf),
0, 0, NI_NUMERICHOST);
if (err)
- strcpy(haddrbuf, "<unprintable>");
+ strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
switch (addr->sa_family) {
case AF_INET:
@@ -1192,7 +1192,7 @@ static void process_packet(struct connection *conn, const char *prog,
char addrbuf[100];
if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
0, 0, NI_NUMERICHOST))
- strcpy(addrbuf, "?");
+ strlcpy(addrbuf, "?", sizeof(addrbuf));
com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
}
#endif
@@ -1216,7 +1216,7 @@ static void process_packet(struct connection *conn, const char *prog,
krb5_free_data(kdc_context, response);
if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
- strcpy(addrbuf, "?");
+ strlcpy(addrbuf, "?", sizeof(addrbuf));
}
com_err(prog, errno, "while sending reply to %s/%d",
addrbuf, faddr.port);
@@ -1269,7 +1269,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
tmpbuf, sizeof(tmpbuf),
NI_NUMERICHOST | NI_NUMERICSERV))
- strcpy(newconn->u.tcp.addrbuf, "???");
+ strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
else {
char *p, *end;
p = newconn->u.tcp.addrbuf;
@@ -1277,7 +1277,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
p += strlen(p);
if (end - p > 2 + strlen(tmpbuf)) {
*p++ = '.';
- strcpy(p, tmpbuf);
+ strlcpy(p, tmpbuf, end - p);
}
}
#if 0
diff --git a/src/lib/crypto/cksumtype_to_string.c b/src/lib/crypto/cksumtype_to_string.c
index 54a0f3aec..ee1d50ba5 100644
--- a/src/lib/crypto/cksumtype_to_string.c
+++ b/src/lib/crypto/cksumtype_to_string.c
@@ -34,10 +34,9 @@ krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype) {
- if ((strlen(krb5_cksumtypes_list[i].out_string)+1) > buflen)
+ if (strlcpy(buffer, krb5_cksumtypes_list[i].out_string,
+ buflen) >= buflen)
return(ENOMEM);
-
- strcpy(buffer, krb5_cksumtypes_list[i].out_string);
return(0);
}
}
diff --git a/src/lib/crypto/enctype_to_string.c b/src/lib/crypto/enctype_to_string.c
index f77dbff1c..28fa63ee1 100644
--- a/src/lib/crypto/enctype_to_string.c
+++ b/src/lib/crypto/enctype_to_string.c
@@ -34,10 +34,9 @@ krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
for (i=0; i<krb5_enctypes_length; i++) {
if (krb5_enctypes_list[i].etype == enctype) {
- if ((strlen(krb5_enctypes_list[i].out_string)+1) > buflen)
+ if (strlcpy(buffer, krb5_enctypes_list[i].out_string,
+ buflen) >= buflen)
return(ENOMEM);
-
- strcpy(buffer, krb5_enctypes_list[i].out_string);
return(0);
}
}
diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in
index 36c663f43..3fb46e09b 100644
--- a/src/lib/kadm5/clnt/Makefile.in
+++ b/src/lib/kadm5/clnt/Makefile.in
@@ -14,8 +14,8 @@ SHLIB_EXPDEPS=\
$(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \
$(TOPLIBD)/libkrb5$(SHLIBEXT) \
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(COM_ERR_DEPLIB)
-SHLIB_EXPLIBS=-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
+ $(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP)
+SHLIB_EXPLIBS=-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)
RELDIR=kadm5/clnt
diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in
index e6410f2bf..33d8af788 100644
--- a/src/lib/kadm5/srv/Makefile.in
+++ b/src/lib/kadm5/srv/Makefile.in
@@ -22,9 +22,9 @@ SHLIB_EXPDEPS=\
$(TOPLIBD)/libkdb5$(SHLIBEXT) \
$(TOPLIBD)/libkrb5$(SHLIBEXT) \
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
- $(COM_ERR_DEPLIB)
+ $(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP)
SHLIB_EXPLIBS = -lgssrpc -lgssapi_krb5 -lkdb5 $(KDB5_DB_LIB) \
- -lkrb5 -lk5crypto -lcom_err @GEN_LIB@
+ -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err @GEN_LIB@
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)
RELDIR=kadm5/srv
diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 0d142d6de..b9e58aac6 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -221,8 +221,8 @@ krb5_input_flag_to_string(flag, buffer, buflen)
size_t buflen;
{
if(flag < 0 || flag >= flags_table_nents) return ENOENT; /* End of list */
- if(strlen(flags_table[flag].fl_specifier) > buflen) return ENOMEM;
- strcpy(buffer, flags_table[flag].fl_specifier);
+ if(strlcpy(buffer, flags_table[flag].fl_specifier, buflen) >= buflen)
+ return ENOMEM;
return 0;
}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index eb68f22fd..9c18e5dd8 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -251,7 +251,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
goto clean_n_exit;
}
- strcpy((*lib)->name, lib_name);
+ strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
#if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST)
#error No database module defined
@@ -341,7 +341,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
goto clean_n_exit;
}
- strcpy((*lib)->name, lib_name);
+ strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
/* Fetch the list of directories specified in the config
file(s) first. */
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 227a42e08..fa95e4851 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -41,9 +41,8 @@ static krb5_error_code
krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
char *name, unsigned int namelen)
{
- if (namelen < sizeof("KDB:"))
+ if (strlcpy(name, "KDB:", namelen) >= namelen);
return KRB5_KT_NAME_TOOLONG;
- strcpy(name, "KDB:");
return 0;
}
diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index 3a1ca63b9..60c811513 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -169,9 +169,8 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
* It is, so set the new name now, and chop off
* instance's domain name if requested.
*/
- if (strlen (p->v4_str) > ANAME_SZ - 1)
+ if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
return KRB5_INVALID_PRINCIPAL;
- strcpy(name, p->v4_str);
if (p->flags & DO_REALM_CONVERSION) {
compo = krb5_princ_component(context, princ, 1);
c = strnchr(compo->data, '.', compo->length);
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index ab491105e..716d3cc43 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -112,11 +112,11 @@ krb5_get_init_creds_password(krb5_context context,
pw0.data = pw0array;
if (password && password[0]) {
- if ((pw0.length = strlen(password)) > sizeof(pw0array)) {
- ret = EINVAL;
- goto cleanup;
+ if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) {
+ ret = EINVAL;
+ goto cleanup;
}
- strcpy(pw0.data, password);
+ pw0.length = strlen(password);
} else {
pw0.data[0] = '\0';
pw0.length = sizeof(pw0array);
@@ -238,7 +238,8 @@ krb5_get_init_creds_password(krb5_context context,
prompt[1].reply = &pw1;
prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
- strcpy(banner, "Password expired. You must change it now.");
+ strlcpy(banner, "Password expired. You must change it now.",
+ sizeof(banner));
for (tries = 3; tries; tries--) {
pw0.length = sizeof(pw0array);
diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 986274d40..2413cebcd 100644
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -118,11 +118,9 @@ krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen)
}
}
if (out) {
- if (buflen > strlen(out))
- strcpy(buffer, out);
- else
- out = (char *) NULL;
- return((out) ? 0 : ENOMEM);
+ if (strlcpy(buffer, out, buflen) >= buflen)
+ return(ENOMEM);
+ return(0);
}
else
return(EINVAL);
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 6e6dadc57..83bce2bab 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -600,9 +600,7 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons
kret = aname_replacer(selstring, &current, &outstring);
if (outstring) {
/* Copy out the value if there's enough room */
- if (strlen(outstring)+1 <= (size_t) lnsize)
- strcpy(lname, outstring);
- else
+ if (strlcpy(lname, outstring, lnsize) >= lnsize)
kret = KRB5_CONFIG_NOTENUFSPACE;
free(outstring);
}
@@ -728,9 +726,8 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln
}
/* Copy out the value if there's enough room */
- if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize)
- strcpy(lname, mapping_values[nvalid-1]);
- else
+ if (strlcpy(lname, mapping_values[nvalid-1],
+ lnsize) >= lnsize)
kret = KRB5_CONFIG_NOTENUFSPACE;
/* Free residue */
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 258288d93..27641f73a 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -99,9 +99,8 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
*/
if (name == NULL || name[0] == '\0') {
- if (strlen (prefix) >= sizeof(host)-1)
+ if (strlcpy(host, prefix, sizeof(host)) >= sizeof(host))
return KRB5_ERR_HOST_REALM_UNKNOWN;
- strcpy(host,prefix);
} else {
if ( strlen(prefix) + strlen(name) + 3 > MAXDNAME )
return KRB5_ERR_HOST_REALM_UNKNOWN;
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index 022d93cc5..89bb35fcf 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -44,22 +44,19 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
unsigned int namesize = (name_size < 0 ? 0 : name_size);
if (krb5_overridekeyname) {
- if (namesize < (strlen(krb5_overridekeyname)+1))
+ if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize)
return KRB5_CONFIG_NOTENUFSPACE;
- strcpy(name, krb5_overridekeyname);
} else if ((context->profile_secure == FALSE) &&
(cp = getenv("KRB5_KTNAME"))) {
- if (namesize < (strlen(cp)+1))
+ if (strlcpy(name, cp, namesize) >= namesize)
return KRB5_CONFIG_NOTENUFSPACE;
- strcpy(name, cp);
} else if ((profile_get_string(context->profile,
"libdefaults",
"default_keytab_name", NULL,
NULL, &retval) == 0) &&
retval) {
- if (namesize < (strlen(retval)+1))
+ if (strlcpy(name, retval, namesize) >= namesize)
return KRB5_CONFIG_NOTENUFSPACE;
- strcpy(name, retval);
profile_release_string(retval);
} else {
#if defined(_WIN32)
@@ -74,9 +71,8 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
snprintf(name, namesize, krb5_defkeyname, defname);
}
#else
- if (namesize < (strlen(krb5_defkeyname)+1))
+ if (strlcpy(name, krb5_defkeyname, namesize) >= namesize)
return KRB5_CONFIG_NOTENUFSPACE;
- strcpy(name, krb5_defkeyname);
#endif
}
return 0;
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 218748273..e95be3af0 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -222,9 +222,9 @@ krb5int_debug_fprint (const char *fmt, ...)
/* %A => addrinfo */
ai = va_arg(args, struct addrinfo *);
if (ai->ai_socktype == SOCK_DGRAM)
- strcpy(tmpbuf, "dgram");
+ strlcpy(tmpbuf, "dgram", sizeof(tmpbuf));
else if (ai->ai_socktype == SOCK_STREAM)
- strcpy(tmpbuf, "stream");
+ strlcpy(tmpbuf, "stream", sizeof(tmpbuf));
else
snprintf(tmpbuf, sizeof(tmpbuf), "socktype%d", ai->ai_socktype);
if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen,
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 1e67ea034..704e47d6b 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1735,7 +1735,7 @@ krb5_db2_db_rename(context, from, to)
retval = errno;
goto errout;
}
- strcat(new_policy, ".lock");
+ strlcat(new_policy, ".lock",sizeof(new_policy));
(void) unlink(new_policy);
}
diff --git a/src/tests/resolve/Makefile.in b/src/tests/resolve/Makefile.in
index 2f0815607..f999772b7 100644
--- a/src/tests/resolve/Makefile.in
+++ b/src/tests/resolve/Makefile.in
@@ -16,7 +16,7 @@ resolve: resolve.o
$(CC_LINK) -o $@ resolve.o $(LIBS)
addrinfo-test: addrinfo-test.o
- $(CC_LINK) -o $@ addrinfo-test.o $(LIBS)
+ $(CC_LINK) -o $@ addrinfo-test.o $(SUPPORT_LIB) $(LIBS)
fake-addrinfo-test: fake-addrinfo-test.o
$(CC_LINK) -o $@ fake-addrinfo-test.o $(SUPPORT_LIB) $(LIBS)
diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c
index 35fb0731d..42e4dd62a 100644
--- a/src/tests/resolve/addrinfo-test.c
+++ b/src/tests/resolve/addrinfo-test.c
@@ -44,6 +44,7 @@
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h> /* needed for IPPROTO_* on NetBSD */
+#include <k5-platform.h>
#ifdef USE_FAKE_ADDRINFO
#include "fake-addrinfo.h"
#endif
@@ -284,8 +285,10 @@ int main (int argc, char *argv[])
ap2->ai_addr->sa_family = ap2->ai_family;
}
if (getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof(hbuf),
- pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV))
- strcpy(hbuf, "..."), strcpy(pbuf, "...");
+ pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+ strlcpy(hbuf, "...", sizeof(hbuf));
+ strlcpy(pbuf, "...", sizeof(pbuf));
+ }
printf("%p:\n"
"\tfamily = %s\tproto = %-4s\tsocktype = %s\n",
ap2, familyname(ap2->ai_family),
diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
index d9485cdd7..e9d681b6c 100644
--- a/src/util/et/error_message.c
+++ b/src/util/et/error_message.c
@@ -260,7 +260,7 @@ oops:
if (cp == NULL)
return "Unknown error code";
cp1 = cp;
- strcpy(cp, "Unknown code ");
+ strlcpy(cp, "Unknown code ", ET_EBUFSIZ);
cp += sizeof("Unknown code ") - 1;
if (table_num != 0L) {
(void) error_table_name_r(table_num, cp);
diff --git a/src/util/support/errors.c b/src/util/support/errors.c
index cec10337f..b0c2ae013 100644
--- a/src/util/support/errors.c
+++ b/src/util/support/errors.c
@@ -132,7 +132,8 @@ krb5int_get_error (struct errinfo *ep, long code)
if (code == ep->code && ep->msg) {
r = strdup(ep->msg);
if (r == NULL) {
- strcpy(ep->scratch_buf, _("Out of memory"));
+ strlcpy(ep->scratch_buf, _("Out of memory"),
+ sizeof(ep->scratch_buf));
r = ep->scratch_buf;
}
return r;