2006-04-22 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
* extra/buzzme/buzzme.c, libpcap-0.9.1-kis/fad-glifc.c,
libpcap-0.9.1-kis/pcap-nit.c,
libpcap-0.9.1-kis/pcap-snoop.c,
libpcap-0.9.1-kis/fad-gifc.c,
libpcap-0.9.1-kis/pcap-linux.c,
pcapsource.cc, tcpclient.cc, gpsmap_cache.cc, ifcontrol.cc:
ensure, that strings copied by 'strncpy()' will be terminated
by '\0'. The following replacements are used for
| strncpy(buf, 0, buf_len);
a) when 'buf[buf_len-1] == '\0' can be guaranteed (e.g. by a
previous memset()):
| strncpy(buf, 0, buf_len - 1);
b) when 'buf[buf_len-1] == '\0' can not be guaranteed:
| strncpy(buf, 0, buf_len);
| buf[buf_len-1] = '\0';
on first glance it seems to be more efficient to use
| strncpy(buf, 0, buf_len-1);
But most 'buf_len' are multiples of 2 or 4 allowing the
compiler to generate more efficient code.
At some places,
| strncpy(buf, 0, sizeof buf);
will be used where applicable.
Perhaps, it would be a good idea to use BSD's strlcpy()
there?
* panelfront_display.cc
most hunks fixes some oddnesses in the assignment/range-check
for 'print_width'.
A range-check was added in PanelFront::StatsPrinter() which
was missing before.
--- kismet-2006-04-R1/extra/buzzme/buzzme.c.strop 2002-07-22 17:01:26.000000000 +0200
+++ kismet-2006-04-R1/extra/buzzme/buzzme.c 2006-04-22 21:08:37.000000000 +0200
@@ -94,6 +94,7 @@ main(int argc, char **argv)
// Figure out program name. Remove path if needed.
strncpy(pname,argv[0],sizeof(pname));
+ pname[sizeof(pname)-1] = '\0';
if ((progname = rindex(pname,'/')) != NULL) {
progname++; // skip slash.
}
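Review bot: The terminator added after the strncpy() still leaves the copy itself unguarded against argv[0] being NULL, which is possible when the program is exec'd with argc == 0 and makes strncpy() dereference a null pointer before the new line is reached. A fallback source such as `const char *arg0 = (argc > 0 && argv[0] != NULL) ? argv[0] : "buzzme";` used in place of argv[0] on the strncpy line closes that. rindex() on the following line is also a legacy name; strrchr() is the standard spelling if the file is ever built with strict feature macros. main() starts before this hunk.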
--- kismet-2006-04-R1/libpcap-0.9.1-kis/fad-glifc.c.strop 2005-06-21 02:58:08.000000000 +0200
+++ kismet-2006-04-R1/libpcap-0.9.1-kis/fad-glifc.c 2006-04-22 21:08:37.000000000 +0200
@@ -213,6 +213,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
*/
strncpy(ifrflags.lifr_name, ifrp->lifr_name,
sizeof(ifrflags.lifr_name));
+ ifrflags.lifr_name[sizeof(ifrflags.lifr_name)-1] = '\0';
if (ioctl(fd, SIOCGLIFFLAGS, (char *)&ifrflags) < 0) {
if (errno == ENXIO)
continue;
@@ -232,6 +233,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
*/
strncpy(ifrnetmask.lifr_name, ifrp->lifr_name,
sizeof(ifrnetmask.lifr_name));
+ ifrnetmask.lifr_name[sizeof(ifrnetmask.lifr_name)-1] = '\0';
memcpy(&ifrnetmask.lifr_addr, &ifrp->lifr_addr,
sizeof(ifrnetmask.lifr_addr));
if (ioctl(fd, SIOCGLIFNETMASK, (char *)&ifrnetmask) < 0) {
@@ -259,6 +261,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
if (ifrflags.lifr_flags & IFF_BROADCAST) {
strncpy(ifrbroadaddr.lifr_name, ifrp->lifr_name,
sizeof(ifrbroadaddr.lifr_name));
+ ifrbroadaddr.lifr_name[sizeof(ifrbroadaddr.lifr_name)-1] = '\0';
memcpy(&ifrbroadaddr.lifr_addr, &ifrp->lifr_addr,
sizeof(ifrbroadaddr.lifr_addr));
if (ioctl(fd, SIOCGLIFBRDADDR,
@@ -294,6 +297,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
if (ifrflags.lifr_flags & IFF_POINTOPOINT) {
strncpy(ifrdstaddr.lifr_name, ifrp->lifr_name,
sizeof(ifrdstaddr.lifr_name));
+ ifrdstaddr.lifr_name[sizeof(ifrdstaddr.lifr_name)-1] = '\0';
memcpy(&ifrdstaddr.lifr_addr, &ifrp->lifr_addr,
sizeof(ifrdstaddr.lifr_addr));
if (ioctl(fd, SIOCGLIFDSTADDR,
--- kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-nit.c.strop 2005-06-21 02:58:08.000000000 +0200
+++ kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-nit.c 2006-04-22 21:08:37.000000000 +0200
@@ -199,7 +199,7 @@ pcap_inject_nit(pcap_t *p, const void *b
int ret;
memset(&sa, 0, sizeof(sa));
- strncpy(sa.sa_data, device, sizeof(sa.sa_data));
+ strncpy(sa.sa_data, device, sizeof(sa.sa_data)-1);
ret = sendto(p->fd, buf, size, 0, &sa, sizeof(sa));
if (ret == -1) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
@@ -273,8 +273,9 @@ pcap_open_live(const char *device, int s
"socket: %s", pcap_strerror(errno));
goto bad;
}
+ memset(&snit, 0, sizeof snit);
snit.snit_family = AF_NIT;
- (void)strncpy(snit.snit_ifname, device, NITIFSIZ);
+ (void)strncpy(snit.snit_ifname, device, sizeof(snit.snit_ifname)-1);
if (bind(fd, (struct sockaddr *)&snit, sizeof(snit))) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
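Review bot: The copy on the `+` strncpy line now silently truncates `device` to sizeof(snit.snit_ifname)-1 characters, so an over-long name binds the NIT socket to whatever interface the truncated prefix names instead of failing. A length check ahead of the copy, `if (strlen(device) >= sizeof(snit.snit_ifname)) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "interface name too long"); goto bad; }`, routes it through the same error path the socket failure above already uses. The old bound was NITIFSIZ; the replacement assumes snit_ifname is declared with exactly that size, which is worth confirming against the header. pcap_open_live continues outside the hunk.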
--- kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-snoop.c.strop 2005-06-21 02:58:08.000000000 +0200
+++ kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-snoop.c 2006-04-22 21:08:37.000000000 +0200
@@ -223,7 +223,7 @@ pcap_open_live(const char *device, int s
p->fd = fd;
memset(&sr, 0, sizeof(sr));
sr.sr_family = AF_RAW;
- (void)strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname));
+ (void)strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname)-1);
if (bind(fd, (struct sockaddr *)&sr, sizeof(sr))) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "snoop bind: %s",
pcap_strerror(errno));
@@ -316,6 +316,7 @@ pcap_open_live(const char *device, int s
* to be no greater than the MTU.
*/
(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+ ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
if (ioctl(fd, SIOCGIFMTU, (char *)&ifr) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCGIFMTU: %s",
pcap_strerror(errno));
--- kismet-2006-04-R1/libpcap-0.9.1-kis/fad-gifc.c.strop 2005-06-21 02:58:08.000000000 +0200
+++ kismet-2006-04-R1/libpcap-0.9.1-kis/fad-gifc.c 2006-04-22 21:08:37.000000000 +0200
@@ -188,6 +188,7 @@ scan_proc_net_dev(pcap_if_t **devlistp,
* it's not up.
*/
strncpy(ifrflags.ifr_name, name, sizeof(ifrflags.ifr_name));
+ ifrflags.ifr_name[sizeof(ifrflags.ifr_name)-1] = '\0';
if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
if (errno == ENXIO)
continue;
@@ -354,6 +355,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
*/
strncpy(ifrflags.ifr_name, ifrp->ifr_name,
sizeof(ifrflags.ifr_name));
+ ifrflags.ifr_name[sizeof(ifrflags.ifr_name)-1] = '\0';
if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
if (errno == ENXIO)
continue;
@@ -373,6 +375,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
*/
strncpy(ifrnetmask.ifr_name, ifrp->ifr_name,
sizeof(ifrnetmask.ifr_name));
+ ifrnetmask.ifr_name[sizeof(ifrnetmask.ifr_name)-1] = '\0';
memcpy(&ifrnetmask.ifr_addr, &ifrp->ifr_addr,
sizeof(ifrnetmask.ifr_addr));
if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifrnetmask) < 0) {
@@ -403,6 +406,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
if (ifrflags.ifr_flags & IFF_BROADCAST) {
strncpy(ifrbroadaddr.ifr_name, ifrp->ifr_name,
sizeof(ifrbroadaddr.ifr_name));
+ ifrbroadaddr.ifr_name[sizeof(ifrbroadaddr.ifr_name)-1] = '\0';
memcpy(&ifrbroadaddr.ifr_addr, &ifrp->ifr_addr,
sizeof(ifrbroadaddr.ifr_addr));
if (ioctl(fd, SIOCGIFBRDADDR,
@@ -442,6 +446,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c
if (ifrflags.ifr_flags & IFF_POINTOPOINT) {
strncpy(ifrdstaddr.ifr_name, ifrp->ifr_name,
sizeof(ifrdstaddr.ifr_name));
+ ifrdstaddr.ifr_name[sizeof(ifrdstaddr.ifr_name)-1] = '\0';
memcpy(&ifrdstaddr.ifr_addr, &ifrp->ifr_addr,
sizeof(ifrdstaddr.ifr_addr));
if (ioctl(fd, SIOCGIFDSTADDR,
--- kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-linux.c.strop 2005-07-19 22:06:52.000000000 +0200
+++ kismet-2006-04-R1/libpcap-0.9.1-kis/pcap-linux.c 2006-04-22 21:08:37.000000000 +0200
@@ -1496,7 +1496,7 @@ iface_get_id(int fd, const char *device,
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)-1);
if (ioctl(fd, SIOCGIFINDEX, &ifr) == -1) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
@@ -1598,7 +1598,7 @@ static void pcap_close_linux( pcap_t *ha
* kernels.
*/
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, handle->md.device, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, handle->md.device, sizeof(ifr.ifr_name)-1);
if (ioctl(handle->fd, SIOCGIFFLAGS, &ifr) == -1) {
fprintf(stderr,
"Can't restore interface flags (SIOCGIFFLAGS failed: %s).\n"
@@ -1714,7 +1714,7 @@ live_open_old(pcap_t *handle, const char
if (promisc) {
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)-1);
if (ioctl(handle->fd, SIOCGIFFLAGS, &ifr) == -1) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"ioctl: %s", pcap_strerror(errno));
@@ -1792,7 +1792,7 @@ iface_bind_old(int fd, const char *devic
socklen_t errlen = sizeof(err);
memset(&saddr, 0, sizeof(saddr));
- strncpy(saddr.sa_data, device, sizeof(saddr.sa_data));
+ strncpy(saddr.sa_data, device, sizeof(saddr.sa_data)-1);
if (bind(fd, &saddr, sizeof(saddr)) == -1) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"bind: %s", pcap_strerror(errno));
@@ -1831,7 +1831,7 @@ iface_get_mtu(int fd, const char *device
return BIGGER_THAN_ALL_MTUS;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)-1);
if (ioctl(fd, SIOCGIFMTU, &ifr) == -1) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
@@ -1851,7 +1851,7 @@ iface_get_arptype(int fd, const char *de
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)-1);
if (ioctl(fd, SIOCGIFHWADDR, &ifr) == -1) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
--- kismet-2006-04-R1/panelfront_display.cc.strop 2005-08-15 17:52:16.000000000 +0200
+++ kismet-2006-04-R1/panelfront_display.cc 2006-04-22 21:08:37.000000000 +0200
@@ -19,6 +19,7 @@
#include "config.h"
#include <math.h>
+#include <sys/param.h>
#include "panelfront.h"
#include "displaynetworksort.h"
@@ -1475,9 +1476,8 @@ int PanelFront::DetailsPrinter(void *in_
char output[1024];
kwin->text.clear();
- int print_width = kwin->print_width;
- if (print_width > 1024)
- print_width = 1023;
+ size_t const print_width = MIN(static_cast<size_t>(kwin->print_width),
+ sizeof(output));
if (details_network == NULL) {
kwin->text.push_back("The network or group being displayed");
@@ -1918,9 +1918,8 @@ int PanelFront::GpsPrinter(void *in_wind
wireless_network *dnet = details_network->virtnet;
- int print_width = kwin->print_width;
- if (print_width > 1024)
- print_width = 1023;
+ size_t const print_width = MIN(static_cast<size_t>(kwin->print_width),
+ sizeof(output));
if (print_width < 32) {
kwin->text.push_back("Display not wide enough");
@@ -2603,7 +2602,8 @@ int PanelFront::StatsPrinter(void *in_wi
vector<string> details_text;
char output[1024];
- const int print_width = kwin->print_width;
+ const size_t print_width = MIN(static_cast<size_t>(kwin->print_width),
+ sizeof(output));
snprintf(output, print_width, "Start : %.24s", ctime((const time_t *) &start_time));
details_text.push_back(output);
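Review bot: The new clamp on the `+` lines bounds print_width from above only; a kwin->print_width of 0 passes through as 0, the snprintf() on the next line then writes nothing into `output`, and the push_back that follows copies whatever the stack held into details_text. GpsPrinter in this file guards with `if (print_width < 32)` and StatsPrinter has no equivalent, so either `output[0] = '\0';` after the declaration or the same minimum-width guard is needed to avoid reading uninitialized bytes. The size_t cast also maps a negative print_width to the full buffer size rather than to a huge snprintf bound, which is an improvement worth recording in a comment, e.g. `// negative widths wrap to SIZE_MAX and are clamped to the buffer`.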
@@ -2921,9 +2921,8 @@ int PanelFront::DetailsClientPrinter(voi
char temp[1024];
kwin->text.clear();
- int print_width = kwin->print_width;
- if (print_width > 1024)
- print_width = 1023;
+ size_t const print_width = MIN(static_cast<size_t>(kwin->print_width),
+ sizeof(output));
switch (details_client->type) {
case client_fromds:
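Review bot: The clamp on the `+` lines bounds print_width by sizeof(output), yet the only buffer visible in this hunk is `char temp[1024]`; if `output` is declared elsewhere in the function with a different size, or `temp` is also a target of snprintf(print_width, ...), the bound protects only one of the two. Worth confirming that every snprintf() in this function that uses print_width writes into `output`, or otherwise clamping by the smaller buffer, e.g. `MIN(sizeof(output), sizeof(temp))`. DetailsClientPrinter starts before this hunk.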
--- kismet-2006-04-R1/pcapsource.cc.strop 2006-04-22 21:08:37.000000000 +0200
+++ kismet-2006-04-R1/pcapsource.cc 2006-04-22 21:08:37.000000000 +0200
@@ -2756,7 +2756,7 @@ bool RadiotapBSD::getmediaopt(int& optio
return false;
memset(&ifmr, 0, sizeof(ifmr));
- strncpy(ifmr.ifm_name, ifname.c_str(), sizeof(ifmr.ifm_name));
+ strncpy(ifmr.ifm_name, ifname.c_str(), sizeof(ifmr.ifm_name)-1);
/*
* We must go through the motions of reading all
@@ -2781,7 +2781,7 @@ bool RadiotapBSD::setmediaopt(int option
return false;
memset(&ifmr, 0, sizeof(ifmr));
- strncpy(ifmr.ifm_name, ifname.c_str(), sizeof(ifmr.ifm_name));
+ strncpy(ifmr.ifm_name, ifname.c_str(), sizeof(ifmr.ifm_name)-1);
/*
* We must go through the motions of reading all
@@ -2809,7 +2809,7 @@ bool RadiotapBSD::setmediaopt(int option
delete mwords;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, ifname.c_str(), sizeof(ifr.ifr_name));
+ strncpy(ifr.ifr_name, ifname.c_str(), sizeof(ifr.ifr_name)-1);
ifr.ifr_media = (ifmr.ifm_current &~ IFM_OMASK) | options;
ifr.ifr_media = (ifr.ifr_media &~ IFM_MMASK) | IFM_MAKEMODE(mode);
@@ -2863,7 +2863,7 @@ bool RadiotapBSD::get80211(int type, int
if (!checksocket())
return false;
memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, ifname.c_str(), sizeof(ireq.i_name));
+ strncpy(ireq.i_name, ifname.c_str(), sizeof(ireq.i_name)-1);
ireq.i_type = type;
ireq.i_len = len;
ireq.i_data = data;
@@ -2881,7 +2881,7 @@ bool RadiotapBSD::set80211(int type, int
if (!checksocket())
return false;
memset(&ireq, 0, sizeof(ireq));
- strncpy(ireq.i_name, ifname.c_str(), sizeof(ireq.i_name));
+ strncpy(ireq.i_name, ifname.c_str(), sizeof(ireq.i_name)-1);
ireq.i_type = type;
ireq.i_val = val;
ireq.i_len = len;
@@ -2898,6 +2898,7 @@ bool RadiotapBSD::getifflags(int& flags)
return false;
strncpy(ifr.ifr_name, ifname.c_str(), sizeof (ifr.ifr_name));
+ ifr.ifr_name[sizeof (ifr.ifr_name)-1] = '\0';
if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
perror("SIOCGIFFLAGS ioctl failed");
return false;
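Review bot: This hunk alone uses the terminate-after-copy form, while every other hunk in this file zeroes the struct with memset() and copies sizeof()-1 bytes; unless `ifr` is already zeroed above the hunk, the rest of the ifreq handed to SIOCGIFFLAGS carries stack garbage. For consistency with getmediaopt() and get80211() above, `memset(&ifr, 0, sizeof ifr); strncpy(ifr.ifr_name, ifname.c_str(), sizeof(ifr.ifr_name)-1);` would replace the two lines. getifflags starts outside the hunk, so the declaration of ifr is not visible here.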
--- kismet-2006-04-R1/tcpclient.cc.strop 2006-04-22 21:08:37.000000000 +0200
+++ kismet-2006-04-R1/tcpclient.cc 2006-04-22 21:08:37.000000000 +0200
@@ -107,6 +107,7 @@ int TcpClient::Connect(short int in_port
}
strncpy(hostname, in_host, MAXHOSTNAMELEN);
+ hostname[MAXHOSTNAMELEN-1] = '\0';
// Set up our socket
//bzero(&client_sock, sizeof(client_sock));
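Review bot: The terminator added after the copy makes an over-long in_host silently truncate to MAXHOSTNAMELEN-1 characters, so the client would then resolve and connect to a different name than the one it was asked for; rejecting instead, `if (strlen(in_host) >= MAXHOSTNAMELEN) return -1;` (using whatever failure value Connect() returns above), is the safer behaviour. Both lines also bound by the MAXHOSTNAMELEN macro rather than `sizeof(hostname)`; if hostname is a member array declared with a different size, the `[MAXHOSTNAMELEN-1]` store lands outside it, so `sizeof hostname` is preferable when it is an array. TcpClient::Connect continues outside the hunk.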
--- kismet-2006-04-R1/gpsmap_cache.cc.strop 2005-03-10 17:49:34.000000000 +0100
+++ kismet-2006-04-R1/gpsmap_cache.cc 2006-04-22 21:08:37.000000000 +0200
@@ -174,6 +174,8 @@ int ReadGpsCacheFile(const char *in_gpsf
strncpy(pt->bssid, cpt.bssid, MAC_STR_LEN);
strncpy(pt->source, cpt.source, MAC_STR_LEN);
+ pt->bssid[MAC_STR_LEN-1] = '\0';
+ pt->source[MAC_STR_LEN-1] = '\0';
pt->tv_sec = cpt.tv_sec;
pt->tv_usec = cpt.tv_usec;
pt->lat = cpt.lat;
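Review bot: The two terminator lines index with MAC_STR_LEN while the writer hunk further down in this file switched to sizeof(cpt.bssid)-1; if pt->bssid or cpt.bssid is ever declared with a size other than MAC_STR_LEN, the read-side copy and terminator fall out of step with the array. `strncpy(pt->bssid, cpt.bssid, sizeof(pt->bssid)-1); pt->bssid[sizeof(pt->bssid)-1] = '\0';` keeps both tied to the declared array, assuming bssid is an array member rather than a pointer. Since cpt is read from the cache file, bounding the copy by the destination is what keeps an unterminated on-disk field from being over-read — a one-line comment saying so would help the next reader.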
@@ -344,9 +346,10 @@ int WriteGpsCacheFile(const char *in_gps
for (unsigned int nsam = 0; nsam < fheader.num_points; nsam++) {
gpscache_point cpt;
gps_point *pt = (*in_points)[nsam];
-
- strncpy(cpt.bssid, pt->bssid, MAC_STR_LEN);
- strncpy(cpt.source, pt->source, MAC_STR_LEN);
+
+ memset(&cpt, 0, sizeof cpt);
+ strncpy(cpt.bssid, pt->bssid, sizeof(cpt.bssid)-1);
+ strncpy(cpt.source, pt->source, sizeof(cpt.source)-1);
cpt.tv_sec = pt->tv_sec;
cpt.tv_usec = pt->tv_usec;
cpt.lat = pt->lat;
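Review bot: The new memset() deserves a comment, because it does more than make the sizeof()-1 copies safe: cpt is presumably written to the cache file as a whole record, so zeroing it first also keeps struct padding and the unused tail of the name fields from leaking uninitialized stack contents to disk. Suggest `// zero the whole record: NUL-terminates the names and keeps stack garbage out of padding written to the file` above the memset. The write itself is outside the hunk, so confirm the record really is emitted verbatim.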
--- kismet-2006-04-R1/ifcontrol.cc.strop 2004-08-09 06:36:01.000000000 +0200
+++ kismet-2006-04-R1/ifcontrol.cc 2006-04-22 21:08:37.000000000 +0200
@@ -32,7 +32,8 @@ int Ifconfig_Set_Flags(const char *in_de
}
// Fetch interface flags
- strncpy(ifr.ifr_name, in_dev, IFNAMSIZ);
+ memset(&ifr, 0, sizeof ifr);
+ strncpy(ifr.ifr_name, in_dev, sizeof(ifr.ifr_name)-1);
ifr.ifr_flags = flags;
if (ioctl(skfd, SIOCSIFFLAGS, &ifr) < 0) {
snprintf(errstr, STATUS_MAX, "SetIFFlags: Unknown interface %s: %s",
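Review bot: The copy on the `+` line truncates in_dev to sizeof(ifr.ifr_name)-1 characters, so a caller passing an over-long name has SIOCSIFFLAGS applied to whichever interface the truncated prefix names instead of getting the "Unknown interface" error this function already reports. A check before the copy, `if (strlen(in_dev) >= sizeof(ifr.ifr_name)) { snprintf(errstr, STATUS_MAX, "SetIFFlags: interface name too long: %s", in_dev); return -1; }`, matching the return -1 used elsewhere in the file, keeps the operation on the intended device; the same applies to the Get_Flags, Get_Hwaddr, Set_Hwaddr and Set_MTU hunks below. Ifconfig_Set_Flags begins before the hunk.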
@@ -58,7 +59,8 @@ int Ifconfig_Get_Flags(const char *in_de
}
// Fetch interface flags
- strncpy(ifr.ifr_name, in_dev, IFNAMSIZ);
+ memset(&ifr, 0, sizeof ifr);
+ strncpy(ifr.ifr_name, in_dev, sizeof(ifr.ifr_name)-1);
if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0) {
snprintf(errstr, STATUS_MAX, "GetIFFlags: interface %s: %s",
in_dev, strerror(errno));
@@ -96,7 +98,8 @@ int Ifconfig_Get_Hwaddr(const char *in_d
}
// Fetch interface flags
- strncpy(ifr.ifr_name, in_dev, IFNAMSIZ);
+ memset(&ifr, 0, sizeof ifr);
+ strncpy(ifr.ifr_name, in_dev, sizeof(ifr.ifr_name)-1);
if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0) {
snprintf(errstr, STATUS_MAX, "Getting HWAddr: unknown interface %s: %s",
in_dev, strerror(errno));
@@ -122,7 +125,8 @@ int Ifconfig_Set_Hwaddr(const char *in_d
return -1;
}
- strncpy(ifr.ifr_name, in_dev, IFNAMSIZ);
+ memset(&ifr, 0, sizeof ifr);
+ strncpy(ifr.ifr_name, in_dev, sizeof(ifr.ifr_name)-1);
memcpy(ifr.ifr_hwaddr.sa_data, in_hwaddr, 6);
ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
@@ -151,7 +155,8 @@ int Ifconfig_Set_MTU(const char *in_dev,
}
// Fetch interface flags
- strncpy(ifr.ifr_name, in_dev, IFNAMSIZ);
+ memset(&ifr, 0, sizeof ifr);
+ strncpy(ifr.ifr_name, in_dev, sizeof(ifr.ifr_name)-1);
ifr.ifr_mtu = in_mtu;
if (ioctl(skfd, SIOCSIFMTU, &ifr) < 0) {
snprintf(errstr, STATUS_MAX, "Setting MTU: unknown interface %s: %s",