authorMartin Schlemmer <azarah@gentoo.org>2005-06-11 07:25:36 +0000
committerMartin Schlemmer <azarah@gentoo.org>2005-06-11 07:25:36 +0000
commit75578f47bef472ad0c98aa6127f69178555fbee7 (patch)
tree3216bc85bbf5e74693e5e81149ba33ddd765f6af
parent* sandbox-1.2.9 (diff)
Some strncpy/strncat and other cleanups.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
-rw-r--r--ChangeLog4
-rw-r--r--canonicalize.c2
-rw-r--r--getcwd.c9
-rw-r--r--libsandbox.c54
-rw-r--r--sandbox_futils.c2
5 files changed, 32 insertions, 39 deletions
diff --git a/ChangeLog b/ChangeLog
index dcc73f2..d004002 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
# $Header$
+ 10 June 2005; Martin Schlemmer <azarah@gentoo.org> canonicalize.c, getcwd.c,
+ sandbox_futils.c, libsandbox.c:
+ Some strncpy/strncat and other cleanups.
+
* sandbox-1.2.9 (2005/06/09)
09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
diff --git a/canonicalize.c b/canonicalize.c
index ae06368..9ae002f 100644
--- a/canonicalize.c
+++ b/canonicalize.c
@@ -167,7 +167,7 @@ erealpath(const char *name, char *resolved)
error:
if (resolved)
- strncpy(resolved, rpath, path_max - 1);
+ snprintf(resolved, path_max, "%s", rpath);
else
free(rpath);
return NULL;
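Review bot: snprintf() has undefined behaviour when source and destination overlap, and on this `error:` path `rpath` may be the very buffer the caller passed as `resolved`; the assignment of `rpath` is outside the hunk, so this needs confirming against the top of erealpath. If the two can alias, brace the `if (resolved)` branch and guard the copy inside it: `if (rpath != resolved) snprintf(resolved, path_max, "%s", rpath);`, leaving the `else free(rpath);` arm as it is.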
diff --git a/getcwd.c b/getcwd.c
index 5d32213..ef7dcd1 100644
--- a/getcwd.c
+++ b/getcwd.c
@@ -1,5 +1,6 @@
/* These functions find the absolute path to the current working directory. */
+#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
@@ -61,7 +62,7 @@ SB_STATIC char *search_dir(dev_t this_dev, ino_t this_ino, char *path_buf, size_
if (slen + 2 > path_size) {
goto oops;
}
- strcpy(++ptr, "/");
+ snprintf(++ptr, 2, "/");
slen++;
}
slen++;
@@ -83,7 +84,7 @@ SB_STATIC char *search_dir(dev_t this_dev, ino_t this_ino, char *path_buf, size_
if (slen + strlen(d->d_name) > path_size) {
goto oops;
}
- strcpy(ptr + 1, d->d_name);
+ snprintf(ptr + 1, sizeof(d->d_name) + 1, "%s", d->d_name);
if (lstat(path_buf, &st) < 0)
continue;
if (st.st_ino == this_ino && st.st_dev == this_dev) {
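Review bot: The size passed to snprintf() for the `d->d_name` copy is `sizeof(d->d_name) + 1`, which describes the source array rather than the room left in `path_buf`, so the call can never stop a write past the destination and is no safer than the strcpy() it replaces. Safety still rests entirely on the `slen + strlen(d->d_name) > path_size` test above it, and whether that test leaves room for the terminator depends on how `slen` is counted outside this hunk. Derive the bound from the destination instead, e.g. `snprintf(ptr + 1, path_size - (size_t)(ptr + 1 - path_buf), "%s", d->d_name);`. The same class of problem appears in sandbox_futils.c, where get_sandbox_path sizes `path` with `sizeof(path)` in the surrounding lines but the new call passes `SB_PATH_MAX`; `sizeof(path)` would keep the bound tied to the declaration.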
@@ -121,13 +122,13 @@ SB_STATIC char *recurser(char *path_buf, size_t path_size, dev_t root_dev, ino_t
if (path_size < 2) {
goto oops;
}
- strcpy(path_buf, "/");
+ snprintf(path_buf, 2, "/");
return path_buf;
}
if (strlen(path_buf) + 4 > path_size) {
goto oops;
}
- strcat(path_buf, "/..");
+ snprintf(path_buf, 4, "/..");
if (recurser(path_buf, path_size, root_dev, root_ino) == 0)
return 0;
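Review bot: `snprintf(path_buf, 4, "/..")` writes at the start of `path_buf`, whereas the `strcat(path_buf, "/..")` it replaces appended to the existing contents, so the path accumulated so far is overwritten on every call. The length test just above it (`strlen(path_buf) + 4 > path_size`) shows that appending was the intent. Keep the append and bound it by the space that is left: `size_t len = strlen(path_buf); snprintf(path_buf + len, path_size - len, "/..");`. This getcwd replacement presumably feeds the sandbox's path resolution, so a wrong working directory here could make later access checks evaluate a path other than the one actually used. recurser continues past the end of the hunk.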
diff --git a/libsandbox.c b/libsandbox.c
index 23cee46..4ad3f6f 100644
--- a/libsandbox.c
+++ b/libsandbox.c
@@ -387,8 +387,8 @@ static int canonicalize(const char *path, char *resolved_path, int fail_nametool
return -1;
}
}
- strcat(resolved_path, "/");
- strncat(resolved_path, path, SB_PATH_MAX - 1);
+ snprintf((char *)(resolved_path + strlen(resolved_path)),
+ SB_PATH_MAX - strlen(resolved_path), "/%s", path);
if (NULL == erealpath(resolved_path, resolved_path)) {
if (errno == ENAMETOOLONG) {
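Review bot: The return value of the new snprintf() is discarded, so a `path` that does not fit in the remaining `SB_PATH_MAX - strlen(resolved_path)` bytes is silently truncated and the shortened string is then handed to erealpath(). In a library that decides access from the resolved path, evaluating a truncated name instead of the requested one should be an explicit failure. Take `len = strlen(resolved_path)` once, capture the result in `n`, and use the existing error route: `if (n < 0 || (size_t)n >= SB_PATH_MAX - len) { errno = ENAMETOOLONG; return -1; }`. The same unchecked truncation applies to the `tmp_str1`/`tmp_str2` copies and the basename append in filter_path, and to `tmp_buf` in check_access. The `if (errno == ENAMETOOLONG)` block continues outside the hunk.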
@@ -415,7 +415,7 @@ static char *filter_path(const char *path, int follow_link)
{
struct stat st;
int old_errno = errno;
- char *tmp_str1, *tmp_str2;
+ char tmp_str1[SB_PATH_MAX], tmp_str2[SB_PATH_MAX];
char *dname, *bname;
char *filtered_path;
@@ -428,16 +428,14 @@ static char *filter_path(const char *path, int follow_link)
if (0 == follow_link) {
if (-1 == canonicalize(path, filtered_path, 1))
- goto error;
+ return NULL;
} else {
/* Basically we get the realpath which should resolve symlinks,
* etc. If that fails (might not exist), we try to get the
* realpath of the parent directory, as that should hopefully
* exist. If all else fails, just go with canonicalize */
if (NULL == realpath(path, filtered_path)) {
- tmp_str1 = strndup(path, SB_PATH_MAX - 1);
- if (NULL == tmp_str1)
- goto error;
+ snprintf(tmp_str1, SB_PATH_MAX, "%s", path);
dname = dirname(tmp_str1);
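Review bot: Replacing `goto error` with `return NULL` drops the `free(filtered_path)` that the removed `error:` label performed, so each failed canonicalize() now leaks the buffer; the allocation of `filtered_path` is above this hunk, but the old cleanup implies it is heap-owned at this point. The second `return NULL` in the fall-back branch of the next hunk has the same problem. Either keep the label or free before returning: `if (-1 == canonicalize(path, filtered_path, 1)) { free(filtered_path); return NULL; }`. filter_path starts and ends outside this hunk.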
@@ -445,40 +443,27 @@ static char *filter_path(const char *path, int follow_link)
* parent directory */
if (NULL == realpath(dname, filtered_path)) {
/* Fall back to canonicalize */
- if (-1 == canonicalize(path, filtered_path, 1)) {
- free(tmp_str1);
- goto error;
- }
+ if (-1 == canonicalize(path, filtered_path, 1))
+ return NULL;
} else {
/* OK, now add the basename to keep our access
* checking happy (don't want '/usr/lib' if we
* tried to do something with non-existing
* file '/usr/lib/cf*' ...) */
- tmp_str2 = strndup(path, SB_PATH_MAX - 1);
- if (NULL == tmp_str2) {
- free(tmp_str1);
- goto error;
- }
+ snprintf(tmp_str2, SB_PATH_MAX, "%s", path);
bname = basename(tmp_str2);
- if (filtered_path[strlen(filtered_path) - 1] != '/')
- strncat(filtered_path, "/",
- SB_PATH_MAX - strlen(filtered_path));
- strncat(filtered_path, bname,
- SB_PATH_MAX - strlen(filtered_path));
- free(tmp_str2);
+ snprintf((char *)(filtered_path + strlen(filtered_path)),
+ SB_PATH_MAX - strlen(filtered_path), "%s%s",
+ (filtered_path[strlen(filtered_path) - 1] != '/') ? "/" : "",
+ bname);
}
-
- free(tmp_str1);
}
}
errno = old_errno;
return filtered_path;
-error:
- free(filtered_path);
- return NULL;
}
/*
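Review bot: The basename append calls `strlen(filtered_path)` three times in one statement and casts a `char *` expression to `char *`, which makes the bound harder to verify by eye. Take the length once, `size_t len = strlen(filtered_path);`, and write `snprintf(filtered_path + len, SB_PATH_MAX - len, "%s%s", (filtered_path[len - 1] != '/') ? "/" : "", bname);`. A one-line comment stating that realpath() has just succeeded, so `len` is at least 1, would document why indexing `len - 1` is safe.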
@@ -1068,6 +1053,7 @@ static void init_env_entries(char ***prefixes_array, int *prefixes_num, const ch
pfx_num = 0;
} else {
char *buffer = NULL;
+ char *buffer_ptr = NULL;
int prefixes_env_length = strlen(prefixes_env);
int i = 0;
int num_delimiters = 0;
@@ -1084,14 +1070,15 @@ static void init_env_entries(char ***prefixes_array, int *prefixes_num, const ch
pfx_array = malloc(((num_delimiters * 2) + 1) * sizeof(char *));
if (NULL == pfx_array)
return;
- buffer = strndupa(prefixes_env, prefixes_env_length);
+ buffer = strndup(prefixes_env, prefixes_env_length);
if (NULL == buffer)
return;
+ buffer_ptr = buffer;
#ifdef REENTRANT_STRTOK
- token = strtok_r(buffer, ":", &buffer);
+ token = strtok_r(buffer_ptr, ":", &buffer_ptr);
#else
- token = strtok(buffer, ":");
+ token = strtok(buffer_ptr, ":");
#endif
while ((NULL != token) && (strlen(token) > 0)) {
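Review bot: With `strndupa` replaced by `strndup`, the `if (NULL == buffer) return;` path is now a real allocation-failure path and it returns without releasing `pfx_array`, which was allocated two statements earlier (assuming it has not yet been stored through `prefixes_array`, which the hunk does not show). Free it there: `if (NULL == buffer) { free(pfx_array); return; }`. Since `buffer` is now heap memory released only by the `free(buffer)` added after the loop in the next hunk, any early `return` inside the tokenising loop, whose body is outside this hunk, would also have to free it.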
@@ -1115,11 +1102,13 @@ static void init_env_entries(char ***prefixes_array, int *prefixes_num, const ch
}
#ifdef REENTRANT_STRTOK
- token = strtok_r(NULL, ":", &buffer);
+ token = strtok_r(NULL, ":", &buffer_ptr);
#else
token = strtok(NULL, ":");
#endif
}
+
+ free(buffer);
} else if (prefixes_env_length > 0) {
pfx_array = malloc(2 * sizeof(char *));
if (NULL == pfx_array)
@@ -1281,8 +1270,7 @@ static int check_access(sbcontext_t * sbcontext, const char *func, const char *p
char tmp_buf[SB_PATH_MAX];
char *dname, *rpath;
- strncpy(tmp_buf, path, SB_PATH_MAX - 1);
- tmp_buf[SB_PATH_MAX - 1] = '\0';
+ snprintf(tmp_buf, SB_PATH_MAX, "%s", path);
dname = dirname(tmp_buf);
/* Get symlink resolved path */
diff --git a/sandbox_futils.c b/sandbox_futils.c
index 7c6a20f..51c03f3 100644
--- a/sandbox_futils.c
+++ b/sandbox_futils.c
@@ -44,7 +44,7 @@ SB_STATIC char *get_sandbox_path(char *argv0)
memset(path, 0, sizeof(path));
/* ARGV[0] specifies full path */
if (argv0[0] == '/') {
- strncpy(path, argv0, sizeof(path) - 1);
+ snprintf(path, SB_PATH_MAX, "%s", argv0);
/* ARGV[0] specifies relative path */
} else {