diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-02-22 18:35:08 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-02-22 18:35:08 +0100 |
commit | f6c647f638a2f8da434daadf4fef8fb5d4e3124c (patch) | |
tree | eeadc9def8270f188530cf25a0aa042b19d2b08a | |
parent | 786887049671035a05d63ed5eaca5c30083d2050 (diff) | |
download | libmicrohttpd-f6c647f638a2f8da434daadf4fef8fb5d4e3124c.tar.gz libmicrohttpd-f6c647f638a2f8da434daadf4fef8fb5d4e3124c.zip |
make checkers happier by reducing use of strcpy and strcat
-rw-r--r-- | doc/examples/tlsauthentication.c | 52 | ||||
-rw-r--r-- | src/lib/connection_call_handlers.c | 12 | ||||
-rw-r--r-- | src/microhttpd/connection.c | 12 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 9 |
4 files changed, 51 insertions, 34 deletions
diff --git a/doc/examples/tlsauthentication.c b/doc/examples/tlsauthentication.c index 293e5e65..4c512a3b 100644 --- a/doc/examples/tlsauthentication.c +++ b/doc/examples/tlsauthentication.c | |||
@@ -124,6 +124,7 @@ ask_for_authentication (struct MHD_Connection *connection, const char *realm) | |||
124 | int ret; | 124 | int ret; |
125 | struct MHD_Response *response; | 125 | struct MHD_Response *response; |
126 | char *headervalue; | 126 | char *headervalue; |
127 | size_t slen; | ||
127 | const char *strbase = "Basic realm="; | 128 | const char *strbase = "Basic realm="; |
128 | 129 | ||
129 | response = MHD_create_response_from_buffer (0, NULL, | 130 | response = MHD_create_response_from_buffer (0, NULL, |
@@ -131,37 +132,44 @@ ask_for_authentication (struct MHD_Connection *connection, const char *realm) | |||
131 | if (!response) | 132 | if (!response) |
132 | return MHD_NO; | 133 | return MHD_NO; |
133 | 134 | ||
134 | headervalue = malloc (strlen (strbase) + strlen (realm) + 1); | 135 | slen = strlen (strbase) + strlen (realm) + 1; |
135 | if (!headervalue) | 136 | if (NULL == (headervalue = malloc (slen))) |
136 | return MHD_NO; | 137 | return MHD_NO; |
137 | 138 | snprintf (headervalue, | |
138 | strcpy (headervalue, strbase); | 139 | slen, |
139 | strcat (headervalue, realm); | 140 | "%s%s", |
140 | 141 | strbase, | |
141 | ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue); | 142 | realm); |
143 | ret = MHD_add_response_header (response, | ||
144 | "WWW-Authenticate", | ||
145 | headervalue); | ||
142 | free (headervalue); | 146 | free (headervalue); |
143 | if (!ret) | 147 | if (! ret) |
144 | { | 148 | { |
145 | MHD_destroy_response (response); | 149 | MHD_destroy_response (response); |
146 | return MHD_NO; | 150 | return MHD_NO; |
147 | } | 151 | } |
148 | 152 | ||
149 | ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); | 153 | ret = MHD_queue_response (connection, |
150 | 154 | MHD_HTTP_UNAUTHORIZED, | |
155 | response); | ||
151 | MHD_destroy_response (response); | 156 | MHD_destroy_response (response); |
152 | |||
153 | return ret; | 157 | return ret; |
154 | } | 158 | } |
155 | 159 | ||
160 | |||
156 | static int | 161 | static int |
157 | is_authenticated (struct MHD_Connection *connection, | 162 | is_authenticated (struct MHD_Connection *connection, |
158 | const char *username, const char *password) | 163 | const char *username, |
164 | const char *password) | ||
159 | { | 165 | { |
160 | const char *headervalue; | 166 | const char *headervalue; |
161 | char *expected_b64, *expected; | 167 | char *expected_b64; |
168 | char *expected; | ||
162 | const char *strbase = "Basic "; | 169 | const char *strbase = "Basic "; |
163 | int authenticated; | 170 | int authenticated; |
164 | 171 | size_t slen; | |
172 | |||
165 | headervalue = | 173 | headervalue = |
166 | MHD_lookup_connection_value (connection, MHD_HEADER_KIND, | 174 | MHD_lookup_connection_value (connection, MHD_HEADER_KIND, |
167 | "Authorization"); | 175 | "Authorization"); |
@@ -170,14 +178,14 @@ is_authenticated (struct MHD_Connection *connection, | |||
170 | if (0 != strncmp (headervalue, strbase, strlen (strbase))) | 178 | if (0 != strncmp (headervalue, strbase, strlen (strbase))) |
171 | return 0; | 179 | return 0; |
172 | 180 | ||
173 | expected = malloc (strlen (username) + 1 + strlen (password) + 1); | 181 | slen = strlen (username) + 1 + strlen (password) + 1; |
174 | if (NULL == expected) | 182 | if (NULL == (expected = malloc (slen))) |
175 | return 0; | 183 | return 0; |
176 | 184 | snprintf (expected, | |
177 | strcpy (expected, username); | 185 | slen, |
178 | strcat (expected, ":"); | 186 | "%s:%s", |
179 | strcat (expected, password); | 187 | username, |
180 | 188 | password); | |
181 | expected_b64 = string_to_base64 (expected); | 189 | expected_b64 = string_to_base64 (expected); |
182 | free (expected); | 190 | free (expected); |
183 | if (NULL == expected_b64) | 191 | if (NULL == expected_b64) |
@@ -185,9 +193,7 @@ is_authenticated (struct MHD_Connection *connection, | |||
185 | 193 | ||
186 | authenticated = | 194 | authenticated = |
187 | (strcmp (headervalue + strlen (strbase), expected_b64) == 0); | 195 | (strcmp (headervalue + strlen (strbase), expected_b64) == 0); |
188 | |||
189 | free (expected_b64); | 196 | free (expected_b64); |
190 | |||
191 | return authenticated; | 197 | return authenticated; |
192 | } | 198 | } |
193 | 199 | ||
diff --git a/src/lib/connection_call_handlers.c b/src/lib/connection_call_handlers.c index a6358cce..7bdf8611 100644 --- a/src/lib/connection_call_handlers.c +++ b/src/lib/connection_call_handlers.c | |||
@@ -1233,6 +1233,7 @@ build_header_response (struct MHD_Request *request) | |||
1233 | struct MHD_HTTP_Header *pos; | 1233 | struct MHD_HTTP_Header *pos; |
1234 | char code[256]; | 1234 | char code[256]; |
1235 | char date[128]; | 1235 | char date[128]; |
1236 | size_t datelen; | ||
1236 | char content_length_buf[128]; | 1237 | char content_length_buf[128]; |
1237 | size_t content_length_len; | 1238 | size_t content_length_len; |
1238 | char *data; | 1239 | char *data; |
@@ -1290,7 +1291,8 @@ build_header_response (struct MHD_Request *request) | |||
1290 | sizeof (date)); | 1291 | sizeof (date)); |
1291 | else | 1292 | else |
1292 | date[0] = '\0'; | 1293 | date[0] = '\0'; |
1293 | size += strlen (date); | 1294 | datelen = strlen (date); |
1295 | size += datelen; | ||
1294 | } | 1296 | } |
1295 | else | 1297 | else |
1296 | { | 1298 | { |
@@ -1298,6 +1300,7 @@ build_header_response (struct MHD_Request *request) | |||
1298 | size = 2; | 1300 | size = 2; |
1299 | kind = MHD_FOOTER_KIND; | 1301 | kind = MHD_FOOTER_KIND; |
1300 | off = 0; | 1302 | off = 0; |
1303 | datelen = 0; | ||
1301 | } | 1304 | } |
1302 | 1305 | ||
1303 | /* calculate extra headers we need to add, such as 'Connection: close', | 1306 | /* calculate extra headers we need to add, such as 'Connection: close', |
@@ -1548,9 +1551,10 @@ build_header_response (struct MHD_Request *request) | |||
1548 | } | 1551 | } |
1549 | if (MHD_REQUEST_FOOTERS_RECEIVED == request->state) | 1552 | if (MHD_REQUEST_FOOTERS_RECEIVED == request->state) |
1550 | { | 1553 | { |
1551 | strcpy (&data[off], | 1554 | memcpy (&data[off], |
1552 | date); | 1555 | date, |
1553 | off += strlen (date); | 1556 | datelen); |
1557 | off += datelen; | ||
1554 | } | 1558 | } |
1555 | memcpy (&data[off], | 1559 | memcpy (&data[off], |
1556 | "\r\n", | 1560 | "\r\n", |
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 6a58e04a..0afbe2ac 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -1407,6 +1407,7 @@ build_header_response (struct MHD_Connection *connection) | |||
1407 | struct MHD_HTTP_Header *pos; | 1407 | struct MHD_HTTP_Header *pos; |
1408 | char code[256]; | 1408 | char code[256]; |
1409 | char date[128]; | 1409 | char date[128]; |
1410 | size_t datelen; | ||
1410 | char content_length_buf[128]; | 1411 | char content_length_buf[128]; |
1411 | size_t content_length_len; | 1412 | size_t content_length_len; |
1412 | char *data; | 1413 | char *data; |
@@ -1461,7 +1462,8 @@ build_header_response (struct MHD_Connection *connection) | |||
1461 | sizeof (date)); | 1462 | sizeof (date)); |
1462 | else | 1463 | else |
1463 | date[0] = '\0'; | 1464 | date[0] = '\0'; |
1464 | size += strlen (date); | 1465 | datelen = strlen (date); |
1466 | size += datelen; | ||
1465 | } | 1467 | } |
1466 | else | 1468 | else |
1467 | { | 1469 | { |
@@ -1469,6 +1471,7 @@ build_header_response (struct MHD_Connection *connection) | |||
1469 | size = 2; | 1471 | size = 2; |
1470 | kind = MHD_FOOTER_KIND; | 1472 | kind = MHD_FOOTER_KIND; |
1471 | off = 0; | 1473 | off = 0; |
1474 | datelen = 0; | ||
1472 | } | 1475 | } |
1473 | 1476 | ||
1474 | /* calculate extra headers we need to add, such as 'Connection: close', | 1477 | /* calculate extra headers we need to add, such as 'Connection: close', |
@@ -1713,9 +1716,10 @@ build_header_response (struct MHD_Connection *connection) | |||
1713 | } | 1716 | } |
1714 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) | 1717 | if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) |
1715 | { | 1718 | { |
1716 | strcpy (&data[off], | 1719 | memcpy (&data[off], |
1717 | date); | 1720 | date, |
1718 | off += strlen (date); | 1721 | datelen); |
1722 | off += datelen; | ||
1719 | } | 1723 | } |
1720 | memcpy (&data[off], | 1724 | memcpy (&data[off], |
1721 | "\r\n", | 1725 | "\r\n", |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index f95f4d62..b0e7ce00 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
385 | uint32_t off; | 385 | uint32_t off; |
386 | uint32_t mod; | 386 | uint32_t mod; |
387 | const char *np; | 387 | const char *np; |
388 | size_t noncelen; | ||
388 | 389 | ||
389 | if (MAX_NONCE_LENGTH <= strlen (nonce)) | 390 | noncelen = strlen (nonce) + 1; |
391 | if (MAX_NONCE_LENGTH < noncelen) | ||
390 | return MHD_NO; /* This should be impossible, but static analysis | 392 | return MHD_NO; /* This should be impossible, but static analysis |
391 | tools have a hard time with it *and* this also | 393 | tools have a hard time with it *and* this also |
392 | protects against unsafe modifications that may | 394 | protects against unsafe modifications that may |
@@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection, | |||
413 | if (0 == nc) | 415 | if (0 == nc) |
414 | { | 416 | { |
415 | /* Fresh nonce, reinitialize array */ | 417 | /* Fresh nonce, reinitialize array */ |
416 | strcpy (nn->nonce, | 418 | memcpy (nn->nonce, |
417 | nonce); | 419 | nonce, |
420 | noncelen); | ||
418 | nn->nc = 0; | 421 | nn->nc = 0; |
419 | nn->nmask = 0; | 422 | nn->nmask = 0; |
420 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); | 423 | MHD_mutex_unlock_chk_ (&daemon->nnc_lock); |