Safer string copy (issue #335)

Function strncpy() replaced by internal function safe_strcpy()
that always takes care of null-termination.

Author: Atoptool

Diff for: acctproc.c

@@ -973,8 +973,7 @@ acctphotoproc(struct tstat *accproc, int nrprocs)
 			api->mem.majflt = acctexp(acctrec.ac_majflt);
 			api->dsk.rio    = acctexp(acctrec.ac_rw);
 
-			strncpy(api->gen.name, acctrec.ac_comm, PNAMLEN);
-			api->gen.name[PNAMLEN] = '\0';
+			safe_strcpy(api->gen.name, acctrec.ac_comm, sizeof api->gen.name);
 			filled = 1;
 			break;
 
@@ -1002,8 +1001,7 @@ acctphotoproc(struct tstat *accproc, int nrprocs)
 			api->mem.majflt = acctexp(acctrec_v3.ac_majflt);
 			api->dsk.rio    = acctexp(acctrec_v3.ac_rw);
 
-			strncpy(api->gen.name, acctrec_v3.ac_comm, PNAMLEN);
-			api->gen.name[PNAMLEN] = '\0';
+			safe_strcpy(api->gen.name, acctrec_v3.ac_comm, sizeof api->gen.name);
 			filled = 1;
 			break;
 		}

Diff for: atop.c

@@ -379,7 +379,7 @@ main(int argc, char *argv[])
 				if (optind >= argc)
 					prusage(argv[0]);
 
-				strncpy(orawname, argv[optind++], RAWNAMESZ-1);
+				safe_strcpy(orawname, argv[optind++], sizeof orawname);
 
 				if (!rawwriteflag)
 				{	
@@ -402,8 +402,7 @@ main(int argc, char *argv[])
 					}
 					else
 					{
-						strncpy(irawname, argv[optind],
-								RAWNAMESZ-1);
+						safe_strcpy(irawname, argv[optind], sizeof irawname);
 						optind++;
 					}
 				}
@@ -417,8 +416,8 @@ main(int argc, char *argv[])
 				{
 					if (*(argv[optind]) == '/')
 					{
-						strncpy(twindir, argv[optind],
-								RAWNAMESZ-1);
+						safe_strcpy(twindir, argv[optind],
+								sizeof twindir);
 						optind++;
 					}
 				}
@@ -1377,8 +1376,8 @@ twinprepare(void)
 	/*
 	** define current raw file name for both parent and child
 	*/
-	strncpy(irawname, tempname, RAWNAMESZ-1);
-	strncpy(orawname, tempname, RAWNAMESZ-1);
+	safe_strcpy(irawname, tempname, sizeof irawname);
+	safe_strcpy(orawname, tempname, sizeof orawname);
 }
 
 /*

Diff for: atop.h

@@ -179,6 +179,8 @@ int             val2elapstr(int, char *);
 char 		*uid2name(uid_t);
 char		*gid2name(gid_t);
 
+void		safe_strcpy(char *, const char *, size_t);
+
 int		compcpu(const void *, const void *);
 int		compdsk(const void *, const void *);
 int		compmem(const void *, const void *);

Diff for: atophide.c

@@ -361,15 +361,19 @@ anonymize(struct sstat *ssp, struct tstat *tsp, int ntask)
 	char	*standin, *p;
 
 	// anonimize system-level stats
+	//
+	// be sure for that old value is fully wiped, especially
+	// when the original string is langer that the substitute
+	//
 	// - logical volume names
 	//
 	for (i=0; i < ssp->dsk.nlvm; i++)
 	{
 		standin = findstandin(&lvmhead, &lvmsequence,
 		                      "logvol", ssp->dsk.lvm[i].name);
 
-		memset(ssp->dsk.lvm[i].name, '\0', MAXDKNAM); 
-		strncpy(ssp->dsk.lvm[i].name, standin, MAXDKNAM-1);
+		memset(ssp->dsk.lvm[i].name, '\0', sizeof ssp->dsk.lvm[i].name);
+		safe_strcpy(ssp->dsk.lvm[i].name, standin, sizeof ssp->dsk.lvm[i].name);
 	}
 
 	// anonimize system-level stats
@@ -382,8 +386,8 @@ anonymize(struct sstat *ssp, struct tstat *tsp, int ntask)
 
 		memset(ssp->nfs.nfsmounts.nfsmnt[i].mountdev, '\0',
 					sizeof ssp->nfs.nfsmounts.nfsmnt[i].mountdev); 
-		strncpy(ssp->nfs.nfsmounts.nfsmnt[i].mountdev, standin,
-					sizeof ssp->nfs.nfsmounts.nfsmnt[i].mountdev - 1); 
+		safe_strcpy(ssp->nfs.nfsmounts.nfsmnt[i].mountdev, standin,
+					sizeof ssp->nfs.nfsmounts.nfsmnt[i].mountdev);
 	}
 
 	// anonymize process-level stats
@@ -402,7 +406,7 @@ anonymize(struct sstat *ssp, struct tstat *tsp, int ntask)
 		// remove command line arguments
 		//
 		if ( (p = strchr(tsp->gen.cmdline, ' ')) )
-			memset(p, '\0', CMDLEN-(p-tsp->gen.cmdline));
+			memset(p, '\0', CMDLEN-(p - tsp->gen.cmdline));
 
 		// check all allowed names
 		//
@@ -422,11 +426,11 @@ anonymize(struct sstat *ssp, struct tstat *tsp, int ntask)
 			standin = findstandin(&cmdhead, &cmdsequence,
 		                      		"prog", tsp->gen.name);
 
-			memset(tsp->gen.name, '\0', PNAMLEN+1);
-			strncpy(tsp->gen.name, standin, PNAMLEN); 
+			memset(tsp->gen.name, '\0', sizeof tsp->gen.name);
+			safe_strcpy(tsp->gen.name, standin, sizeof tsp->gen.name);
 
-			memset(tsp->gen.cmdline, '\0', CMDLEN+1);
-			strncpy(tsp->gen.cmdline, standin, CMDLEN); 
+			memset(tsp->gen.cmdline, '\0', sizeof tsp->gen.cmdline);
+			safe_strcpy(tsp->gen.cmdline, standin, sizeof tsp->gen.cmdline);
 		}
 	}
 }
@@ -849,3 +853,16 @@ getbranchtime(char *itim, time_t *newtime)
 	*newtime = epoch;
 	return 1;
 }
+
+// copy a string to a destination buffer that will always
+// be null-terminated
+//
+void
+safe_strcpy(char *dst, const char *src, size_t dstsize)
+{
+	if (dstsize == 0)
+		return;
+
+	dst[0] = '\0';
+	strncat(dst, src, dstsize - 1);
+}

Diff for: atopsar.c

@@ -173,10 +173,10 @@ atopsar(int argc, char *argv[])
 				break;
 
 			   case 'r':		/* reading of file data ? */
-				strncpy(irawname, optarg, RAWNAMESZ-1);
+				safe_strcpy(irawname, optarg, RAWNAMESZ);
 
 				if (strcmp(irawname, "-") == 0)
-					strcpy(irawname, "/dev/stdin");
+					safe_strcpy(irawname, "/dev/stdin", RAWNAMESZ);
 
 				rawreadflag++;
 				break;

Diff for: gpucom.c

@@ -536,8 +536,8 @@ gpustat_parse(int version, char *buf, int maxgpu,
 		if (! gpuparse(version, start, gg))
 			return -1;
 
-		strncpy(gg->type,  gputypes[gpunum], MAXGPUTYPE);
-		strncpy(gg->busid, gpubusid[gpunum], MAXGPUBUS);
+		safe_strcpy(gg->type,  gputypes[gpunum], sizeof gg->type);
+		safe_strcpy(gg->busid, gpubusid[gpunum], sizeof gg->busid);
 
 		/*
 		** continue searching for per-process stats for this GPU

Diff for: ifprop.c

@@ -331,8 +331,8 @@ getphysprop(struct ifprop *p)
 	*/
 	memset(&ifreq,  0, sizeof ifreq);
 
-	strncpy((void *)&ifreq.ifr_ifrn.ifrn_name, p->name,
-			sizeof ifreq.ifr_ifrn.ifrn_name-1);
+	safe_strcpy((void *)&ifreq.ifr_ifrn.ifrn_name, p->name,
+			sizeof ifreq.ifr_ifrn.ifrn_name);
 
 #ifdef ETHTOOL_GLINKSETTINGS
 	ethlink = calloc(1, sizeof *ethlink);
@@ -417,8 +417,8 @@ getphysprop(struct ifprop *p)
 		*/
 		memset(&iwreq,  0, sizeof iwreq);
 
-		strncpy(iwreq.ifr_ifrn.ifrn_name, p->name,
-				sizeof iwreq.ifr_ifrn.ifrn_name-1);
+		safe_strcpy(iwreq.ifr_ifrn.ifrn_name, p->name,
+				sizeof iwreq.ifr_ifrn.ifrn_name);
 
 		if ( ioctl(sockfd, SIOCGIWRATE, &iwreq) == 0) 
 		{

Diff for: photosyst.c

@@ -2102,8 +2102,7 @@ static void
 nullmodname(unsigned int major, unsigned int minor,
 		char *curname, struct perdsk *px, int maxlen)
 {
-	strncpy(px->name, curname, maxlen-1);
-	*(px->name+maxlen-1) = 0;
+	safe_strcpy(px->name, curname, maxlen);
 }
 
 static void
@@ -2178,8 +2177,7 @@ lvmmapname(unsigned int major, unsigned int minor,
 				/*
  				** store info in hash list
 				*/
-				strncpy(dmp->name, dentry->d_name, MAXDKNAM);
-				dmp->name[MAXDKNAM-1] = 0;
+				safe_strcpy(dmp->name, dentry->d_name, sizeof dmp->name);
 				dmp->major 	= major(statbuf.st_rdev);
 				dmp->minor 	= minor(statbuf.st_rdev);
 
@@ -2209,8 +2207,7 @@ lvmmapname(unsigned int major, unsigned int minor,
 			/*
 		 	** info found in hash list; fill proper name
 			*/
-			strncpy(px->name, dmp->name, maxlen-1);
-			*(px->name+maxlen-1) = 0;
+			safe_strcpy(px->name, dmp->name, maxlen);
 			return;
 		}
 
@@ -2220,8 +2217,7 @@ lvmmapname(unsigned int major, unsigned int minor,
 	/*
 	** info not found in hash list; fill original name
 	*/
-	strncpy(px->name, curname, maxlen-1);
-	*(px->name+maxlen-1) = 0;
+	safe_strcpy(px->name, curname, maxlen);
 }
 
 /*

Diff for: showgeneric.c

@@ -3790,8 +3790,7 @@ do_username(char *name, char *val)
 {
 	struct passwd	*pwd;
 
-	strncpy(procsel.username, val, sizeof procsel.username -1);
-	procsel.username[sizeof procsel.username -1] = 0;
+	safe_strcpy(procsel.username, val, sizeof procsel.username);
 
 	if (procsel.username[0])
 	{
@@ -3849,7 +3848,7 @@ do_username(char *name, char *val)
 void
 do_procname(char *name, char *val)
 {
-	strncpy(procsel.progname, val, sizeof procsel.progname -1);
+	safe_strcpy(procsel.progname, val, sizeof procsel.progname);
 	procsel.prognamesz = strlen(procsel.progname);
 
 	if (procsel.prognamesz)
@@ -3994,7 +3993,7 @@ do_twindir(char *name, char *val)
 {
 	extern char	twindir[];
 
-	strncpy(twindir, val, RAWNAMESZ-1);
+	safe_strcpy(twindir, val, RAWNAMESZ);
 }
 
 void

Diff for: various.c

@@ -1170,3 +1170,20 @@ gid2name(gid_t gid)
 
 	return NULL;
 }
+
+
+/*
+** copy a string to a destination buffer that will always
+** be null-terminated 
+** 'dstsize' is supposed to be the total size of the
+** destination buffer including null-byte
+*/
+void
+safe_strcpy(char *dst, const char *src, size_t dstsize)
+{
+	if (dstsize == 0)
+		return;
+
+	dst[0] = '\0';
+	strncat(dst, src, dstsize - 1);
+}