[Security] Use 'g_strlcpy' instead of 'strcpy'

sc0w · sc0w · commit 76a5cffd6f7e · 2019-03-05T01:53:35.000+01:00
Fixes Clang static analyzer warnings:

warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
diff --git a/src/core/testasyncgetprop.c b/src/core/testasyncgetprop.c
@@ -37,6 +37,7 @@
 #include <errno.h>
 #include <signal.h>
 #include <assert.h>
+#include <glib.h>
 
 #ifndef TRUE
 #define TRUE 1
@@ -138,7 +139,7 @@ my_strdup (const char *str)
       fprintf (stderr, "malloc failed\n");
       exit (1);
     }
-  strcpy (s, str);
+  g_strlcpy (s, str, (strlen (str) + 1));
 
   return s;
 }
diff --git a/src/core/xprops.c b/src/core/xprops.c
@@ -821,7 +821,7 @@ class_hint_from_results (GetPropertyResults *results,
       return FALSE;
     }
 
-  strcpy (class_hint->res_name, (char *)results->prop);
+  g_strlcpy (class_hint->res_name, (char *)results->prop, (len_name + 1));
 
   if (len_name == (int) results->n_items)
     len_name--;
@@ -837,7 +837,7 @@ class_hint_from_results (GetPropertyResults *results,
       return FALSE;
     }
 
-  strcpy (class_hint->res_class, (char *)results->prop + len_name + 1);
+  g_strlcpy (class_hint->res_class, (char *)results->prop + len_name + 1, (len_class + 1));
 
   XFree (results->prop);
   results->prop = NULL;
@@ -1133,7 +1133,7 @@ meta_prop_get_values (MetaDisplay   *display,
               xmalloc_new_str = ag_Xmalloc (strlen (new_str) + 1);
               if (xmalloc_new_str != NULL)
                 {
-                  strcpy (xmalloc_new_str, new_str);
+                  g_strlcpy (xmalloc_new_str, new_str, (strlen (new_str) + 1));
                   meta_XFree (values[i].v.str);
                   values[i].v.str = xmalloc_new_str;
                 }

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@`
`37`	`37`	`#include <errno.h>`
`38`	`38`	`#include <signal.h>`
`39`	`39`	`#include <assert.h>`
	`40`	`+#include <glib.h>`
`40`	`41`
`41`	`42`	`#ifndef TRUE`
`42`	`43`	`#define TRUE 1`
`@@ -138,7 +139,7 @@ my_strdup (const char *str)`
`138`	`139`	`fprintf (stderr, "malloc failed\n");`
`139`	`140`	`exit (1);`
`140`	`141`	`}`
`141`		`- strcpy (s, str);`
	`142`	`+ g_strlcpy (s, str, (strlen (str) + 1));`
`142`	`143`
`143`	`144`	`return s;`
`144`	`145`	`}`
Original file line number	Diff line number	Diff line change
`@@ -821,7 +821,7 @@ class_hint_from_results (GetPropertyResults *results,`
`821`	`821`	`return FALSE;`
`822`	`822`	`}`
`823`	`823`
`824`		`- strcpy (class_hint->res_name, (char *)results->prop);`
	`824`	`+ g_strlcpy (class_hint->res_name, (char *)results->prop, (len_name + 1));`
`825`	`825`
`826`	`826`	`if (len_name == (int) results->n_items)`
`827`	`827`	`len_name--;`
`@@ -837,7 +837,7 @@ class_hint_from_results (GetPropertyResults *results,`
`837`	`837`	`return FALSE;`
`838`	`838`	`}`
`839`	`839`
`840`		`- strcpy (class_hint->res_class, (char *)results->prop + len_name + 1);`
	`840`	`+ g_strlcpy (class_hint->res_class, (char *)results->prop + len_name + 1, (len_class + 1));`
`841`	`841`
`842`	`842`	`XFree (results->prop);`
`843`	`843`	`results->prop = NULL;`
`@@ -1133,7 +1133,7 @@ meta_prop_get_values (MetaDisplay *display,`
`1133`	`1133`	`xmalloc_new_str = ag_Xmalloc (strlen (new_str) + 1);`
`1134`	`1134`	`if (xmalloc_new_str != NULL)`
`1135`	`1135`	`{`
`1136`		`- strcpy (xmalloc_new_str, new_str);`
	`1136`	`+ g_strlcpy (xmalloc_new_str, new_str, (strlen (new_str) + 1));`
`1137`	`1137`	`meta_XFree (values[i].v.str);`
`1138`	`1138`	`values[i].v.str = xmalloc_new_str;`
`1139`	`1139`	`}`