From 09debb3f26436ee9975f47e14359e33adec667ad Mon Sep 17 00:00:00 2001
From: Andrey Volk <andywolk@gmail.com>
Date: Wed, 29 Jan 2025 23:29:10 +0300
Subject: [PATCH] [xmlrpc-c] Coverity 1500253, 1024634, 1024635, 1227693 fixes.

---
 libs/xmlrpc-c/lib/abyss/src/handler.c | 42 ++++++++++++---------------
 1 file changed, 19 insertions(+), 23 deletions(-)

diff --git a/libs/xmlrpc-c/lib/abyss/src/handler.c b/libs/xmlrpc-c/lib/abyss/src/handler.c
index 01a255015f..b26217687d 100644
--- a/libs/xmlrpc-c/lib/abyss/src/handler.c
+++ b/libs/xmlrpc-c/lib/abyss/src/handler.c
@@ -247,7 +247,7 @@ sendDirectoryDocument(TList *      const listP,
     uint32_t k;
 
     if (text) {
-        sprintf(z, "Index of %s" CRLF, uri);
+        snprintf(z, sizeof(z), "Index of %s" CRLF, uri);
         i = strlen(z)-2;
         p = z + i + 2;
 
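Review bot: Bounding the `sprintf` does not bound what follows it, because `i = strlen(z)-2` and `p = z + i + 2` are still derived from the formatted length with no check against `sizeof(z)`. The code between this hunk and the next is not shown, but the `*p = '\0'` that follows suggests it advances `p` by `i` bytes, so a long `uri` that fills `z` would still push `p` past the end of the buffer. If truncation occurred, the trailing CRLF is also lost, so `strlen(z)-2` no longer marks the end of the title. Capture the return value and stop on truncation, e.g. `n = snprintf(z, sizeof(z), "Index of %s" CRLF, uri);` followed by `if (n < 0 || (size_t)n >= sizeof(z)) return;`, and limit the writes through `p` to `z + sizeof(z) - 1`. The `sizeof(z) - strlen(z) - 1` passed to `strncat` in the next hunk is only meaningful if `z` is still terminated inside its bounds at that point.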
@@ -257,17 +257,17 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         *p = '\0';
-        strcat(z, CRLF CRLF
+        strncat(z, CRLF CRLF
                "Name                      Size      "
                "Date-Time             Type" CRLF
                "------------------------------------"
-               "--------------------------------------------"CRLF);
+               "--------------------------------------------"CRLF, sizeof(z) - strlen(z) - 1);
     } else {
-        sprintf(z, "<HTML><HEAD><TITLE>Index of %s</TITLE></HEAD><BODY>"
+        snprintf(z, sizeof(z), "<HTML><HEAD><TITLE>Index of %s</TITLE></HEAD><BODY>"
                 "<H1>Index of %s</H1><PRE>",
                 uri, uri);
-        strcat(z, "Name                      Size      "
-               "Date-Time             Type<HR WIDTH=100%>"CRLF);
+        strncat(z, "Name                      Size      "
+               "Date-Time             Type<HR WIDTH=100%>"CRLF, sizeof(z) - strlen(z) - 1);
     }
 
     HTTPWriteBodyChunk(sessionP, z, strlen(z));
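Review bot: In the HTML branch `uri` is formatted straight into `<TITLE>` and `<H1>` with no output encoding, and the later hunk does the same with `fi->name` inside `<A HREF="...">` and the link text. The caller is outside this hunk, but if `uri` comes from the request path, a path or file name containing `<`, `>`, `&` or `"` changes the markup of the listing page. The length fix does not address this, so HTML-escape both values before formatting and percent-encode the HREF part. At minimum, document the gap with `/* uri and fi->name are emitted verbatim; they must be HTML-escaped before use */`. Note also that `strncat` truncates silently, so an oversized title yields a page with unclosed tags rather than an error.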
@@ -293,7 +293,7 @@ sendDirectoryDocument(TList *      const listP,
         else
             --i;
             
-        strcpy(z, fi->name);
+        snprintf(z, sizeof(z), "%s", fi->name);
 
         k = strlen(z);
 
@@ -303,14 +303,11 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         if (k > 24) {
-            z[10] = '\0';
-            strcpy(z1, z);
-            strcat(z1, "...");
-            strcat(z1, z + k - 11);
+            snprintf(z1, sizeof(z1), "%.10s...%s", z, z + k - 11);
             k = 24;
             p = z1 + 24;
         } else {
-            strcpy(z1, z);
+            snprintf(z1, sizeof(z1), "%s", z);
             
             ++k;
             p = z1 + k;
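Review bot: `p = z1 + 24` depends on the new `snprintf` producing exactly 24 characters, and nothing in the code says so. Unlike the removed `z[10] = '\0'` sequence, the format string hides the arithmetic, so I would add `/* 10 head chars + "..." + 11 tail chars = 24; p then points at the terminating NUL */` above the call. This only holds if `z1` has at least 25 bytes; its declaration is outside the hunk, so confirm that, otherwise truncation would leave `p` past the terminator.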
@@ -321,11 +318,11 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         xmlrpc_gmtime(fi->time_write, &ftm);
-        sprintf(z2, "%02u/%02u/%04u %02u:%02u:%02u",ftm.tm_mday,ftm.tm_mon+1,
+        snprintf(z2, sizeof(z2), "%02u/%02u/%04u %02u:%02u:%02u",ftm.tm_mday,ftm.tm_mon+1,
                 ftm.tm_year+1900,ftm.tm_hour,ftm.tm_min,ftm.tm_sec);
 
         if (fi->attrib & A_SUBDIR) {
-            strcpy(z3, "   --  ");
+            snprintf(z3, sizeof(z3), "   --  ");
             z4 = "Directory";
         } else {
             if (fi->size < 9999)
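Review bot: The rewritten date line keeps `%02u`/`%04u` for `ftm.tm_mday`, `ftm.tm_mon+1`, `ftm.tm_year+1900` and the time fields. If `ftm` is a `struct tm` (its declaration is outside the hunk) these arguments are `int`, so the conversion specifiers do not match the argument types. Use `"%02d/%02d/%04d %02d:%02d:%02d"` or cast each argument to `unsigned`. The formatted result is 19 characters, so `z2` must hold at least 20 bytes for the new bound not to truncate the timestamp.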
@@ -343,7 +340,7 @@ sendDirectoryDocument(TList *      const listP,
                 }
             }
                 
-            sprintf(z3, "%5" PRIu64 " %c", fi->size, u);
+            snprintf(z3, sizeof(z3), "%5" PRIu64 " %c", fi->size, u);
             
             if (xmlrpc_streq(fi->name, ".."))
                 z4 = "";
@@ -355,9 +352,9 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         if (text)
-            sprintf(z, "%s%s %s    %s   %s"CRLF, z1, p, z3, z2, z4);
+            snprintf(z, sizeof(z), "%s%s %s    %s   %s"CRLF, z1, p, z3, z2, z4);
         else
-            sprintf(z, "<A HREF=\"%s%s\">%s</A>%s %s    %s   %s"CRLF,
+            snprintf(z, sizeof(z), "<A HREF=\"%s%s\">%s</A>%s %s    %s   %s"CRLF,
                     fi->name, fi->attrib & A_SUBDIR ? "/" : "",
                     z1, p, z3, z2, z4);
 
@@ -366,9 +363,9 @@ sendDirectoryDocument(TList *      const listP,
         
     /* Write the tail of the file */
     if (text)
-        strcpy(z, SERVER_PLAIN_INFO);
+        snprintf(z, sizeof(z), "%s", SERVER_PLAIN_INFO);
     else
-        strcpy(z, "</PRE>" SERVER_HTML_INFO "</BODY></HTML>" CRLF CRLF);
+        snprintf(z, sizeof(z), "%s", "</PRE>" SERVER_HTML_INFO "</BODY></HTML>" CRLF CRLF);
     
     HTTPWriteBodyChunk(sessionP, z, strlen(z));
 }
@@ -689,8 +686,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
         return TRUE;
     }
 
-    strcpy(z, handlerP->filesPath);
-    strcat(z, sessionP->requestInfo.uri);
+    snprintf(z, sizeof(z), "%s%s", handlerP->filesPath, sessionP->requestInfo.uri);
 
     p = z + strlen(z) - 1;
     if (*p == '/') {
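Review bot: A truncated path is silently accepted here: if `filesPath` plus the request URI does not fit in `z`, `snprintf` cuts the string and the rest of the function (which continues outside the hunk) works on a different path from the one requested. For a file-serving handler that should be an error, not a best-effort lookup. Keep the result and reject on overflow: `int n = snprintf(z, sizeof(z), "%s%s", handlerP->filesPath, sessionP->requestInfo.uri);` then `if (n < 0 || (size_t)n >= sizeof(z)) { /* send an error response and return */ }`. The `strncat` of `defaultFileNames.item[i]` in the last hunk has the same problem, since a shortened default file name is then passed to `FileStat`. Separately, `p = z + strlen(z) - 1` reads before `z` if both inputs are empty.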
@@ -710,7 +706,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
         ** to avoid problems with some browsers (IE for examples) when
         ** they generate relative urls */
         if (!endingslash) {
-            strcpy(z, sessionP->requestInfo.uri);
+            snprintf(z, sizeof(z), "%s", sessionP->requestInfo.uri);
             p = z+strlen(z);
             *p = '/';
             *(p+1) = '\0';
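Review bot: The off-by-one that the bounded copy was meant to remove is still present in the three lines after it. When the URI fills `z`, `strlen(z)` is `sizeof(z) - 1`, so `*p = '/'` overwrites the terminator and `*(p+1) = '\0'` writes one byte past the end of `z`. Let the format string add the slash instead, `snprintf(z, sizeof(z), "%s/", sessionP->requestInfo.uri);`, and drop the manual append. The rest of the block is outside the hunk, so check whether `p` is read again before removing its assignment.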
@@ -727,7 +723,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
             i = handlerP->defaultFileNames.size;
             while (i-- > 0) {
                 *p = '\0';        
-                strcat(z, (handlerP->defaultFileNames.item[i]));
+                strncat(z, handlerP->defaultFileNames.item[i], sizeof(z) - strlen(z) - 1);
                 if (FileStat(z, &fs)) {
                     if (!(fs.st_mode & S_IFDIR))
                         handleFile(sessionP, z, fs.st_mtime,