[Forensics-changes] [yara] 128/135: Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:27:40 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.1.0
in repository yara.
commit a85a72ffd967882e3ee01cac598032a667f3e278
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date: Mon Aug 25 10:18:47 2014 +0200
Use strlcat, strlcpy, and snprintf instead of strcat, strcpy and sprint to avoid warning in OpenBSD
---
libyara/grammar.c | 16 ++++++++--------
libyara/grammar.y | 16 ++++++++--------
libyara/lexer.c | 2 +-
libyara/lexer.l | 2 +-
libyara/proc.c | 4 ++--
5 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 4e8f023..b39e4e8 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -2377,16 +2377,16 @@ yyreduce:
switch((yyvsp[(1) - (1)].expression_type))
{
case EXPRESSION_TYPE_INTEGER:
- strcpy((yyval.c_string), "i");
+ strlcpy((yyval.c_string), "i", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_BOOLEAN:
- strcpy((yyval.c_string), "b");
+ strlcpy((yyval.c_string), "b", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_STRING:
- strcpy((yyval.c_string), "s");
+ strlcpy((yyval.c_string), "s", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_REGEXP:
- strcpy((yyval.c_string), "r");
+ strlcpy((yyval.c_string), "r", MAX_FUNCTION_ARGS);
break;
}
@@ -2406,16 +2406,16 @@ yyreduce:
switch((yyvsp[(3) - (3)].expression_type))
{
case EXPRESSION_TYPE_INTEGER:
- strcat((yyvsp[(1) - (3)].c_string), "i");
+ strlcat((yyvsp[(1) - (3)].c_string), "i", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_BOOLEAN:
- strcat((yyvsp[(1) - (3)].c_string), "b");
+ strlcat((yyvsp[(1) - (3)].c_string), "b", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_STRING:
- strcat((yyvsp[(1) - (3)].c_string), "s");
+ strlcat((yyvsp[(1) - (3)].c_string), "s", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_REGEXP:
- strcat((yyvsp[(1) - (3)].c_string), "r");
+ strlcat((yyvsp[(1) - (3)].c_string), "r", MAX_FUNCTION_ARGS);
break;
}
}
diff --git a/libyara/grammar.y b/libyara/grammar.y
index e54cb20..1bb51f3 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -730,16 +730,16 @@ arguments_list
switch($1)
{
case EXPRESSION_TYPE_INTEGER:
- strcpy($$, "i");
+ strlcpy($$, "i", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_BOOLEAN:
- strcpy($$, "b");
+ strlcpy($$, "b", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_STRING:
- strcpy($$, "s");
+ strlcpy($$, "s", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_REGEXP:
- strcpy($$, "r");
+ strlcpy($$, "r", MAX_FUNCTION_ARGS);
break;
}
@@ -756,16 +756,16 @@ arguments_list
switch($3)
{
case EXPRESSION_TYPE_INTEGER:
- strcat($1, "i");
+ strlcat($1, "i", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_BOOLEAN:
- strcat($1, "b");
+ strlcat($1, "b", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_STRING:
- strcat($1, "s");
+ strlcat($1, "s", MAX_FUNCTION_ARGS);
break;
case EXPRESSION_TYPE_REGEXP:
- strcat($1, "r");
+ strlcat($1, "r", MAX_FUNCTION_ARGS);
break;
}
}
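Review bot: The return value of `strlcat` is ignored in all four cases of this hunk, so once `$1` already holds MAX_FUNCTION_ARGS - 1 type codes any further argument is dropped without an error. The argument-type string would then be shorter than the argument list the rule author wrote, and presumably the function call is later resolved against that truncated signature. The bound is also the constant `MAX_FUNCTION_ARGS` rather than the size `$1` was allocated with, which this hunk does not show, so it is worth confirming the allocation is at least that large. I would test for truncation, e.g. `if (strlcat($1, "i", MAX_FUNCTION_ARGS) >= MAX_FUNCTION_ARGS)`, and report a too-many-arguments error through the error path the surrounding action already uses. The generated `grammar.c` hunks mirror these lines.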
diff --git a/libyara/lexer.c b/libyara/lexer.c
index a6235ac..c7c1e5a 100644
--- a/libyara/lexer.c
+++ b/libyara/lexer.c
@@ -1630,7 +1630,7 @@ YY_RULE_SETUP
s->flags |= SIZED_STRING_FLAGS_DOT_ALL;
s->length = yyextra->lex_buf_len;
- strcpy(s->c_string, yyextra->lex_buf);
+ strlcpy(s->c_string, yyextra->lex_buf, s->length);
yylval->sized_string = s;
diff --git a/libyara/lexer.l b/libyara/lexer.l
index 87b1fd4..e23be72 100644
--- a/libyara/lexer.l
+++ b/libyara/lexer.l
@@ -472,7 +472,7 @@ $({letter}|{digit}|_)* {
s->flags |= SIZED_STRING_FLAGS_DOT_ALL;
s->length = yyextra->lex_buf_len;
- strcpy(s->c_string, yyextra->lex_buf);
+ strlcpy(s->c_string, yyextra->lex_buf, s->length);
yylval->sized_string = s;
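Review bot: The size passed to `strlcpy` is `s->length`, the string's length rather than the destination's capacity, and strlcpy copies at most size - 1 bytes before writing the terminator. The last byte of `yyextra->lex_buf` is therefore dropped, and with a zero length nothing is written to `s->c_string` at all, whereas the old `strcpy` copied every byte plus the NUL. In a scanner a silently shortened token means a rule that matches something other than what its author wrote. Assuming the allocation of `s` (above this hunk) reserves room for the terminator, the call should be `strlcpy(s->c_string, yyextra->lex_buf, s->length + 1);`. The generated `lexer.c` hunk carries the same line.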
diff --git a/libyara/proc.c b/libyara/proc.c
index f704c71..ee13bef 100644
--- a/libyara/proc.c
+++ b/libyara/proc.c
@@ -270,14 +270,14 @@ int yr_process_get_memory(
*first_block = NULL;
- sprintf(buffer, "/proc/%u/maps", pid);
+ snprintf(buffer, sizeof(buffer), "/proc/%u/maps", pid);
FILE* maps = fopen(buffer, "r");
if (maps == NULL)
return ERROR_COULD_NOT_ATTACH_TO_PROCESS;
- sprintf(buffer, "/proc/%u/mem", pid);
+ snprintf(buffer, sizeof(buffer), "/proc/%u/mem", pid);
int mem = open(buffer, O_RDONLY);
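Review bot: `sizeof(buffer)` in both `snprintf` calls is the right bound only if `buffer` is an array declared inside `yr_process_get_memory`, and its declaration sits above this hunk. If it is ever changed to a pointer or a heap allocation, both calls would bound to the pointer size and truncate the /proc path without any warning. A comment at the declaration, e.g. `/* snprintf below relies on sizeof(buffer): keep this an array */`, or a named size constant used in both places, would make that dependency explicit. The function body continues past the end of the hunk.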
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git