From 38f64f559dcfb22c0480a04275102f38927c8cc1 Mon Sep 17 00:00:00 2001 From: lilei19 Date: Wed, 8 Feb 2023 11:29:09 +0800 Subject: [PATCH] change strcpy to strlcpy Signed-off-by: lilei19 --- arch/arm/src/gd32f4/gd32f4xx_serial.c | 2 +- arch/arm/src/nrf52/nrf52_serial.c | 2 +- arch/arm/src/nrf53/nrf53_serial.c | 2 +- arch/arm/src/stm32/stm32_serial.c | 2 +- arch/arm/src/stm32f0l0g0/stm32_serial_v1.c | 2 +- arch/arm/src/stm32f0l0g0/stm32_serial_v2.c | 2 +- arch/arm/src/stm32f7/stm32_serial.c | 2 +- arch/arm/src/stm32h7/stm32_serial.c | 2 +- arch/arm/src/stm32l4/stm32l4_serial.c | 2 +- arch/arm/src/stm32l5/stm32l5_serial.c | 2 +- arch/arm/src/stm32u5/stm32_serial.c | 2 +- arch/arm/src/stm32wb/stm32wb_serial.c | 2 +- arch/arm/src/stm32wl5/stm32wl5_serial.c | 2 +- arch/risc-v/src/bl602/bl602_serial.c | 2 +- audio/audio.c | 19 +++++----- drivers/clk/clk.c | 8 +++-- drivers/clk/clk_rpmsg.c | 16 ++++----- drivers/eeprom/i2c_xx24xx.c | 8 +++-- drivers/mtd/ftl.c | 3 +- drivers/mtd/mtd_config.c | 6 ++-- drivers/mtd/mtd_partition.c | 2 +- drivers/mtd/smart.c | 3 +- drivers/net/rpmsgdrv.c | 2 +- drivers/power/supply/regulator_rpmsg.c | 10 +++--- drivers/sensors/sensor_rpmsg.c | 6 ++-- drivers/sensors/usensor.c | 6 ++-- drivers/video/max7456.c | 2 +- fs/procfs/fs_skeleton.c | 2 +- fs/romfs/fs_romfs.c | 6 ++-- fs/romfs/fs_romfsutil.c | 8 +++-- fs/rpmsgfs/rpmsgfs_client.c | 40 +++++++++------------- fs/rpmsgfs/rpmsgfs_server.c | 8 +++-- fs/vfs/fs_dir.c | 3 +- include/nuttx/net/netfilter/ip_tables.h | 3 +- include/nuttx/wireless/bluetooth/bt_core.h | 4 +-- libs/libc/dirent/lib_nftw.c | 2 +- libs/libc/grp/lib_getgrbufr.c | 12 ++++--- libs/libc/misc/lib_envpath.c | 6 ++-- libs/libc/pwd/lib_getpwbufr.c | 25 +++++++++----- libs/libc/stdlib/lib_openpty.c | 3 +- libs/libc/string/lib_strdup.c | 5 +-- libs/libc/termios/lib_ttynamer.c | 2 +- libs/libc/time/lib_localtime.c | 11 +++--- libs/libc/unistd/lib_getcwd.c | 2 +- net/netfilter/ipt_sockopt.c | 5 +-- sched/environ/env_dup.c | 6 ++-- sched/task/task_setup.c | 6 ++-- 47 files changed, 155 insertions(+), 123 deletions(-) diff --git a/arch/arm/src/gd32f4/gd32f4xx_serial.c b/arch/arm/src/gd32f4/gd32f4xx_serial.c index 44c2b877cd..7ac99ee418 100644 --- a/arch/arm/src/gd32f4/gd32f4xx_serial.c +++ b/arch/arm/src/gd32f4/gd32f4xx_serial.c @@ -2816,7 +2816,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < GD32_NUSART; i++) { diff --git a/arch/arm/src/nrf52/nrf52_serial.c b/arch/arm/src/nrf52/nrf52_serial.c index 37e904239a..d2ec280d30 100644 --- a/arch/arm/src/nrf52/nrf52_serial.c +++ b/arch/arm/src/nrf52/nrf52_serial.c @@ -782,7 +782,7 @@ void arm_serialinit(void) /* Register all remaining UARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < NRF52_NUART; i++) { diff --git a/arch/arm/src/nrf53/nrf53_serial.c b/arch/arm/src/nrf53/nrf53_serial.c index 255e5dcfeb..a9bd71705e 100644 --- a/arch/arm/src/nrf53/nrf53_serial.c +++ b/arch/arm/src/nrf53/nrf53_serial.c @@ -782,7 +782,7 @@ void arm_serialinit(void) /* Register all remaining UARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < NRF53_NUART; i++) { diff --git a/arch/arm/src/stm32/stm32_serial.c b/arch/arm/src/stm32/stm32_serial.c index 1bca0dd73c..0b5552f331 100644 --- a/arch/arm/src/stm32/stm32_serial.c +++ b/arch/arm/src/stm32/stm32_serial.c @@ -3240,7 +3240,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NUSART; i++) { diff --git a/arch/arm/src/stm32f0l0g0/stm32_serial_v1.c b/arch/arm/src/stm32f0l0g0/stm32_serial_v1.c index 8f623a860c..b37b94fbe2 100644 --- a/arch/arm/src/stm32f0l0g0/stm32_serial_v1.c +++ b/arch/arm/src/stm32f0l0g0/stm32_serial_v1.c @@ -2480,7 +2480,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NUSART; i++) { diff --git a/arch/arm/src/stm32f0l0g0/stm32_serial_v2.c b/arch/arm/src/stm32f0l0g0/stm32_serial_v2.c index 7c6f9e8e5a..19d88d613e 100644 --- a/arch/arm/src/stm32f0l0g0/stm32_serial_v2.c +++ b/arch/arm/src/stm32f0l0g0/stm32_serial_v2.c @@ -1970,7 +1970,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NSERIAL; i++) { diff --git a/arch/arm/src/stm32f7/stm32_serial.c b/arch/arm/src/stm32f7/stm32_serial.c index e14288bd44..52fa4741a2 100644 --- a/arch/arm/src/stm32f7/stm32_serial.c +++ b/arch/arm/src/stm32f7/stm32_serial.c @@ -3677,7 +3677,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NSERIAL; i++) { diff --git a/arch/arm/src/stm32h7/stm32_serial.c b/arch/arm/src/stm32h7/stm32_serial.c index ad0f500c89..292c775e7e 100644 --- a/arch/arm/src/stm32h7/stm32_serial.c +++ b/arch/arm/src/stm32h7/stm32_serial.c @@ -3890,7 +3890,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NSERIAL; i++) { diff --git a/arch/arm/src/stm32l4/stm32l4_serial.c b/arch/arm/src/stm32l4/stm32l4_serial.c index 792b49800e..6392b7c1a1 100644 --- a/arch/arm/src/stm32l4/stm32l4_serial.c +++ b/arch/arm/src/stm32l4/stm32l4_serial.c @@ -3160,7 +3160,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32L4_NLPUART + STM32L4_NUSART + STM32L4_NUART; i++) { diff --git a/arch/arm/src/stm32l5/stm32l5_serial.c b/arch/arm/src/stm32l5/stm32l5_serial.c index a54a36b6b9..c7af93c502 100644 --- a/arch/arm/src/stm32l5/stm32l5_serial.c +++ b/arch/arm/src/stm32l5/stm32l5_serial.c @@ -3093,7 +3093,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32L5_NLPUART + STM32L5_NUSART + STM32L5_NUART; i++) { diff --git a/arch/arm/src/stm32u5/stm32_serial.c b/arch/arm/src/stm32u5/stm32_serial.c index d044c32fab..98357025bb 100644 --- a/arch/arm/src/stm32u5/stm32_serial.c +++ b/arch/arm/src/stm32u5/stm32_serial.c @@ -3093,7 +3093,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32_NLPUART + STM32_NUSART + STM32_NUART; i++) { diff --git a/arch/arm/src/stm32wb/stm32wb_serial.c b/arch/arm/src/stm32wb/stm32wb_serial.c index f5176e4fd0..0a2295da3c 100644 --- a/arch/arm/src/stm32wb/stm32wb_serial.c +++ b/arch/arm/src/stm32wb/stm32wb_serial.c @@ -2754,7 +2754,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32WB_NLPUART + STM32WB_NUSART; i++) { diff --git a/arch/arm/src/stm32wl5/stm32wl5_serial.c b/arch/arm/src/stm32wl5/stm32wl5_serial.c index a5ab7b5c3a..5d0deaf538 100644 --- a/arch/arm/src/stm32wl5/stm32wl5_serial.c +++ b/arch/arm/src/stm32wl5/stm32wl5_serial.c @@ -2848,7 +2848,7 @@ void arm_serialinit(void) /* Register all remaining USARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < STM32WL5_NLPUART + STM32WL5_NUSART; i++) { diff --git a/arch/risc-v/src/bl602/bl602_serial.c b/arch/risc-v/src/bl602/bl602_serial.c index 8746da60e0..21db1149ea 100644 --- a/arch/risc-v/src/bl602/bl602_serial.c +++ b/arch/risc-v/src/bl602/bl602_serial.c @@ -855,7 +855,7 @@ void riscv_serialinit(void) /* Register all UARTs */ - strcpy(devname, "/dev/ttySx"); + strlcpy(devname, "/dev/ttySx", sizeof(devname)); for (i = 0; i < sizeof(g_uart_devs) / sizeof(g_uart_devs[0]); i++) { if (g_uart_devs[i] == 0) diff --git a/audio/audio.c b/audio/audio.c index 6505f1b03c..f646e655a6 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -951,8 +951,8 @@ int audio_register(FAR const char *name, FAR struct audio_lowerhalf_s *dev) /* This is the simple case ... No need to make a directory */ - strcpy(path, "/dev/"); - strcat(path, name); + strlcpy(path, "/dev/", sizeof(path)); + strlcat(path, name, sizeof(path)); #else /* Ensure the path begins with "/dev" as we don't support placing device @@ -973,7 +973,7 @@ int audio_register(FAR const char *name, FAR struct audio_lowerhalf_s *dev) ptr++; } - strcpy(path, "/dev/"); + strlcpy(path, "/dev/", sizeof(path)); pathptr = &path[5]; /* Do mkdir for each segment of the path */ @@ -1009,13 +1009,13 @@ int audio_register(FAR const char *name, FAR struct audio_lowerhalf_s *dev) /* Now build the path for registration */ - strcpy(path, devname); + strlcpy(path, devname, sizeof(path)); if (devname[sizeof(devname)-1] != '/') { - strcat(path, "/"); + strlcat(path, "/", sizeof(path)); } - strcat(path, name); + strlcat(path, name, sizeof(path)); #endif /* CONFIG_AUDIO_DEV_PATH=="/dev" */ @@ -1036,10 +1036,9 @@ int audio_register(FAR const char *name, FAR struct audio_lowerhalf_s *dev) /* Register the Audio device */ - memset(path, 0, AUDIO_MAX_DEVICE_PATH); - strcpy(path, devname); - strcat(path, "/"); - strncat(path, name, AUDIO_MAX_DEVICE_PATH - 11); + strlcpy(path, devname, sizeof(path)); + strlcat(path, "/", sizeof(path)); + strlcat(path, name, sizeof(path)); #endif /* Give the lower-half a context to the upper half */ diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 6d5ce529d3..6490c56052 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -1136,6 +1136,7 @@ FAR struct clk_s *clk_register(FAR const char *name, FAR void *private_data, size_t private_size) { FAR struct clk_s *clk; + size_t size; size_t off; size_t len; int i; @@ -1163,14 +1164,15 @@ FAR struct clk_s *clk_register(FAR const char *name, } else { - clk = kmm_zalloc(len + strlen(name) + 1); + size = strlen(name) + 1; + clk = kmm_zalloc(len + size); if (!clk) { return NULL; } clk->name = (char *)clk + len; - strcpy((char *)clk->name, name); + strlcpy((char *)clk->name, name, size); } clk->ops = ops; @@ -1190,7 +1192,7 @@ FAR struct clk_s *clk_register(FAR const char *name, else { clk->parent_names[i] = (char *)clk + off; - strcpy((char *)clk->parent_names[i], parent_names[i]); + strlcpy((char *)clk->parent_names[i], parent_names[i], len - off); off += strlen(parent_names[i]) + 1; } } diff --git a/drivers/clk/clk_rpmsg.c b/drivers/clk/clk_rpmsg.c index 20c633b1fd..f023bc8392 100644 --- a/drivers/clk/clk_rpmsg.c +++ b/drivers/clk/clk_rpmsg.c @@ -638,7 +638,7 @@ static int clk_rpmsg_enable(FAR struct clk_s *clk) DEBUGASSERT(len <= size); - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); return clk_rpmsg_sendrecv(ept, CLK_RPMSG_ENABLE, (struct clk_rpmsg_header_s *)msg, @@ -669,7 +669,7 @@ static void clk_rpmsg_disable(FAR struct clk_s *clk) DEBUGASSERT(len <= size); - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); clk_rpmsg_sendrecv(ept, CLK_RPMSG_DISABLE, (struct clk_rpmsg_header_s *)msg, len); @@ -699,7 +699,7 @@ static int clk_rpmsg_is_enabled(FAR struct clk_s *clk) DEBUGASSERT(len <= size); - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); return clk_rpmsg_sendrecv(ept, CLK_RPMSG_ISENABLED, (struct clk_rpmsg_header_s *)msg, len); @@ -732,7 +732,7 @@ static uint32_t clk_rpmsg_round_rate(FAR struct clk_s *clk, uint32_t rate, DEBUGASSERT(len <= size); msg->rate = rate; - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); ret = clk_rpmsg_sendrecv(ept, CLK_RPMSG_ROUNDRATE, (struct clk_rpmsg_header_s *)msg, len); @@ -770,7 +770,7 @@ static int clk_rpmsg_set_rate(FAR struct clk_s *clk, uint32_t rate, DEBUGASSERT(len <= size); msg->rate = rate; - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); return clk_rpmsg_sendrecv(ept, CLK_RPMSG_SETRATE, (struct clk_rpmsg_header_s *)msg, len); @@ -802,7 +802,7 @@ static uint32_t clk_rpmsg_recalc_rate(FAR struct clk_s *clk, DEBUGASSERT(len <= size); - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); ret = clk_rpmsg_sendrecv(ept, CLK_RPMSG_GETRATE, (struct clk_rpmsg_header_s *)msg, len); @@ -838,7 +838,7 @@ static int clk_rpmsg_get_phase(FAR struct clk_s *clk) DEBUGASSERT(len <= size); - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); return clk_rpmsg_sendrecv(ept, CLK_RPMSG_GETPHASE, (struct clk_rpmsg_header_s *)msg, len); @@ -869,7 +869,7 @@ static int clk_rpmsg_set_phase(FAR struct clk_s *clk, int degrees) DEBUGASSERT(len <= size); msg->degrees = degrees; - strcpy(msg->name, name); + strlcpy(msg->name, name, size - sizeof(*msg)); return clk_rpmsg_sendrecv(ept, CLK_RPMSG_SETPHASE, (struct clk_rpmsg_header_s *)msg, len); diff --git a/drivers/eeprom/i2c_xx24xx.c b/drivers/eeprom/i2c_xx24xx.c index 839cf71ddb..11472fb0c3 100644 --- a/drivers/eeprom/i2c_xx24xx.c +++ b/drivers/eeprom/i2c_xx24xx.c @@ -811,6 +811,7 @@ int ee24xx_initialize(FAR struct i2c_master_s *bus, uint8_t devaddr, FAR struct ee24xx_dev_s *eedev; #ifdef CONFIG_AT24CS_UUID FAR char *uuidname; + size_t size; int ret; #endif @@ -877,7 +878,8 @@ int ee24xx_initialize(FAR struct i2c_master_s *bus, uint8_t devaddr, eedev->readonly ? "readonly" : ""); #ifdef CONFIG_AT24CS_UUID - uuidname = kmm_zalloc(strlen(devname) + 8); + size = strlen(devname) + 8; + uuidname = kmm_zalloc(size); if (!uuidname) { return -ENOMEM; @@ -887,8 +889,8 @@ int ee24xx_initialize(FAR struct i2c_master_s *bus, uint8_t devaddr, * EEPROM chip, but with the ".uuid" suffix */ - strcpy(uuidname, devname); - strcat(uuidname, ".uuid"); + strlcpy(uuidname, devname, size); + strlcat(uuidname, ".uuid", size); ret = register_driver(uuidname, &at24cs_uuid_fops, 0444, eedev); kmm_free(uuidname); diff --git a/drivers/mtd/ftl.c b/drivers/mtd/ftl.c index 33482118e3..59f9d1ac1d 100644 --- a/drivers/mtd/ftl.c +++ b/drivers/mtd/ftl.c @@ -478,7 +478,8 @@ static int ftl_geometry(FAR struct inode *inode, geometry->geo_nsectors = dev->geo.neraseblocks * dev->blkper; geometry->geo_sectorsize = dev->geo.blocksize; - strcpy(geometry->geo_model, dev->geo.model); + strlcpy(geometry->geo_model, dev->geo.model, + sizeof(geometry->geo_model)); finfo("available: true mediachanged: false writeenabled: %s\n", geometry->geo_writeenabled ? "true" : "false"); diff --git a/drivers/mtd/mtd_config.c b/drivers/mtd/mtd_config.c index ac1bfde49f..662abcf059 100644 --- a/drivers/mtd/mtd_config.c +++ b/drivers/mtd/mtd_config.c @@ -1336,7 +1336,7 @@ retry_find: /* Save the data at this entry */ #ifdef CONFIG_MTD_CONFIG_NAMED - strcpy(hdr.name, pdata->name); + strlcpy(hdr.name, pdata->name, sizeof(hdr.name)); #else hdr.id = pdata->id; hdr.instance = pdata->instance; @@ -1543,7 +1543,7 @@ static int mtdconfig_firstconfig(FAR struct mtdconfig_struct_s *dev, /* Set other return data items */ #ifdef CONFIG_MTD_CONFIG_NAMED - strcpy(pdata->name, hdr.name); + strlcpy(pdata->name, hdr.name, sizeof(pdata->name)); #else pdata->id = hdr.id; pdata->instance = hdr.instance; @@ -1618,7 +1618,7 @@ static int mtdconfig_nextconfig(FAR struct mtdconfig_struct_s *dev, } #ifdef CONFIG_MTD_CONFIG_NAMED - strcpy(pdata->name, hdr.name); + strlcpy(pdata->name, hdr.name, sizeof(pdata->name)); #else pdata->id = hdr.id; pdata->instance = hdr.instance; diff --git a/drivers/mtd/mtd_partition.c b/drivers/mtd/mtd_partition.c index 7702413687..0b0f8db7f3 100644 --- a/drivers/mtd/mtd_partition.c +++ b/drivers/mtd/mtd_partition.c @@ -855,7 +855,7 @@ FAR struct mtd_dev_s *mtd_partition(FAR struct mtd_dev_s *mtd, part->blkpererase = blkpererase; #ifdef CONFIG_MTD_PARTITION_NAMES - strcpy(part->name, "(noname)"); + strlcpy(part->name, "(noname)", sizeof(part->name)); #endif #if defined(CONFIG_FS_PROCFS) && !defined(CONFIG_PROCFS_EXCLUDE_PARTITIONS) diff --git a/drivers/mtd/smart.c b/drivers/mtd/smart.c index bc7220a182..bc6c16c6e1 100644 --- a/drivers/mtd/smart.c +++ b/drivers/mtd/smart.c @@ -1066,7 +1066,8 @@ static int smart_geometry(FAR struct inode *inode, struct geometry *geometry) dev->sectorsize; geometry->geo_sectorsize = dev->sectorsize; - strcpy(geometry->geo_model, dev->geo.model); + strlcpy(geometry->geo_model, dev->geo.model, + sizeof(geometry->geo_model)); finfo("available: true mediachanged: false writeenabled: %s\n", geometry->geo_writeenabled ? "true" : "false"); diff --git a/drivers/net/rpmsgdrv.c b/drivers/net/rpmsgdrv.c index 2873b50f73..28dc87b6cf 100644 --- a/drivers/net/rpmsgdrv.c +++ b/drivers/net/rpmsgdrv.c @@ -1127,7 +1127,7 @@ int net_rpmsg_drv_init(FAR const char *cpuname, /* Initialize the driver structure */ - strcpy(dev->d_ifname, devname); + strlcpy(dev->d_ifname, devname, sizeof(dev->d_ifname)); dev->d_ifup = net_rpmsg_drv_ifup; /* I/F up (new IP address) callback */ dev->d_ifdown = net_rpmsg_drv_ifdown; /* I/F down callback */ dev->d_txavail = net_rpmsg_drv_txavail; /* New TX data callback */ diff --git a/drivers/power/supply/regulator_rpmsg.c b/drivers/power/supply/regulator_rpmsg.c index 8943618ee6..cbbf79b90f 100644 --- a/drivers/power/supply/regulator_rpmsg.c +++ b/drivers/power/supply/regulator_rpmsg.c @@ -526,7 +526,7 @@ static int regulator_rpmsg_enable(FAR struct regulator_dev_s *rdev) return -ENOMEM; } - strcpy(msg->name, name); + strlcpy(msg->name, name, len - sizeof(*msg)); return regulator_rpmsg_sendrecv(ept, REGULATOR_RPMSG_ENABLE, (struct regulator_rpmsg_header_s *)msg, len); @@ -552,7 +552,7 @@ static int regulator_rpmsg_disable(FAR struct regulator_dev_s *rdev) return -ENOMEM; } - strcpy(msg->name, name); + strlcpy(msg->name, name, len - sizeof(*msg)); return regulator_rpmsg_sendrecv(ept, REGULATOR_RPMSG_DISABLE, (struct regulator_rpmsg_header_s *)msg, len); @@ -580,7 +580,7 @@ static int regulator_rpmsg_set_voltage(FAR struct regulator_dev_s *rdev, return -ENOMEM; } - strcpy(msg->name, name); + strlcpy(msg->name, name, len - sizeof(*msg)); msg->min_uv = min_uv; msg->max_uv = max_uv; @@ -609,7 +609,7 @@ static int regulator_rpmsg_get_voltage(FAR struct regulator_dev_s *rdev) return -ENOMEM; } - strcpy(msg->name, name); + strlcpy(msg->name, name, len - sizeof(*msg)); return regulator_rpmsg_sendrecv(ept, REGULATOR_RPMSG_GET_VOLTAGE, (struct regulator_rpmsg_header_s *)msg, len); @@ -635,7 +635,7 @@ static int regulator_rpmsg_is_enabled(FAR struct regulator_dev_s *rdev) return -ENOMEM; } - strcpy(msg->name, name); + strlcpy(msg->name, name, len - sizeof(*msg)); return regulator_rpmsg_sendrecv(ept, REGULATOR_RPMSG_IS_ENABLED, (struct regulator_rpmsg_header_s *)msg, len); diff --git a/drivers/sensors/sensor_rpmsg.c b/drivers/sensors/sensor_rpmsg.c index 88db70c2e3..661f0ba5c8 100644 --- a/drivers/sensors/sensor_rpmsg.c +++ b/drivers/sensors/sensor_rpmsg.c @@ -1300,13 +1300,15 @@ sensor_rpmsg_register(FAR struct sensor_lowerhalf_s *lower, { FAR struct sensor_rpmsg_ept_s *sre; FAR struct sensor_rpmsg_dev_s *dev; + size_t size; if (lower->ops->fetch) { return lower; } - dev = kmm_zalloc(sizeof(*dev) + strlen(path)); + size = strlen(path); + dev = kmm_zalloc(sizeof(*dev) + size); if (!dev) { return NULL; @@ -1316,7 +1318,7 @@ sensor_rpmsg_register(FAR struct sensor_lowerhalf_s *lower, list_initialize(&dev->stublist); list_initialize(&dev->proxylist); - strcpy(dev->path, path); + strlcpy(dev->path, path, size + 1); dev->nadvertisers = !!lower->ops->activate; dev->push_event = lower->push_event; diff --git a/drivers/sensors/usensor.c b/drivers/sensors/usensor.c index 91155f309b..8fdd18a49d 100644 --- a/drivers/sensors/usensor.c +++ b/drivers/sensors/usensor.c @@ -98,9 +98,11 @@ static int usensor_register(FAR struct usensor_context_s *usensor, FAR const struct sensor_reginfo_s *info) { FAR struct usensor_lowerhalf_s *lower; + size_t size; int ret; - lower = kmm_zalloc(sizeof(*lower) + strlen(info->path)); + size = strlen(info->path); + lower = kmm_zalloc(sizeof(*lower) + size); if (!lower) { return -ENOMEM; @@ -109,7 +111,7 @@ static int usensor_register(FAR struct usensor_context_s *usensor, lower->driver.nbuffer = info->nbuffer; lower->driver.persist = info->persist; lower->driver.ops = &g_usensor_ops; - strcpy(lower->path, info->path); + strlcpy(lower->path, info->path, size + 1); ret = sensor_custom_register(&lower->driver, lower->path, info->esize); if (ret < 0) { diff --git a/drivers/video/max7456.c b/drivers/video/max7456.c index d5bd1bbb78..518d558351 100644 --- a/drivers/video/max7456.c +++ b/drivers/video/max7456.c @@ -1546,7 +1546,7 @@ static int add_interface(FAR const char *path, /* Start with calling @path the interface name. */ - strcpy(buf, path); + strlcpy(buf, path, sizeof(buf)); /* Is the interface actually in a directory named @path? */ diff --git a/fs/procfs/fs_skeleton.c b/fs/procfs/fs_skeleton.c index 8136daf036..182355b21f 100644 --- a/fs/procfs/fs_skeleton.c +++ b/fs/procfs/fs_skeleton.c @@ -428,7 +428,7 @@ static int skel_readdir(FAR struct fs_dirent_s *dir, /* TODO: Add device specific entries */ - strcpy(filename, "dummy"); + strlcpy(filename, "dummy", sizeof(filename)); /* TODO: Specify the type of entry */ diff --git a/fs/romfs/fs_romfs.c b/fs/romfs/fs_romfs.c index bafcdd25bd..e4d065a480 100644 --- a/fs/romfs/fs_romfs.c +++ b/fs/romfs/fs_romfs.c @@ -160,6 +160,7 @@ static int romfs_open(FAR struct file *filep, FAR const char *relpath, struct romfs_nodeinfo_s nodeinfo; FAR struct romfs_mountpt_s *rm; FAR struct romfs_file_s *rf; + size_t size; int ret; finfo("Open '%s'\n", relpath); @@ -247,7 +248,8 @@ static int romfs_open(FAR struct file *filep, FAR const char *relpath, * file. */ - rf = kmm_zalloc(sizeof(struct romfs_file_s) + strlen(relpath)); + size = strlen(relpath); + rf = kmm_zalloc(sizeof(struct romfs_file_s) + size); if (!rf) { ferr("ERROR: Failed to allocate private data\n"); @@ -261,7 +263,7 @@ static int romfs_open(FAR struct file *filep, FAR const char *relpath, rf->rf_size = nodeinfo.rn_size; rf->rf_type = (uint8_t)(nodeinfo.rn_next & RFNEXT_ALLMODEMASK); - strcpy(rf->rf_path, relpath); + strlcpy(rf->rf_path, relpath, size + 1); /* Get the start of the file data */ diff --git a/fs/romfs/fs_romfsutil.c b/fs/romfs/fs_romfsutil.c index 326cf98cb3..8e6127dbf4 100644 --- a/fs/romfs/fs_romfsutil.c +++ b/fs/romfs/fs_romfsutil.c @@ -415,9 +415,11 @@ static int romfs_cachenode(FAR struct romfs_mountpt_s *rm, uint32_t linkoffset; uint32_t info; uint8_t num = 0; + size_t nsize; int ret; - nodeinfo = kmm_zalloc(sizeof(struct romfs_nodeinfo_s) + strlen(name)); + nsize = strlen(name); + nodeinfo = kmm_zalloc(sizeof(struct romfs_nodeinfo_s) + nsize); if (nodeinfo == NULL) { return -ENOMEM; @@ -426,8 +428,8 @@ static int romfs_cachenode(FAR struct romfs_mountpt_s *rm, *pnodeinfo = nodeinfo; nodeinfo->rn_offset = offset; nodeinfo->rn_next = next; - nodeinfo->rn_namesize = strlen(name); - strcpy(nodeinfo->rn_name, name); + nodeinfo->rn_namesize = nsize; + strlcpy(nodeinfo->rn_name, name, nsize + 1); if (!IS_DIRECTORY(next)) { nodeinfo->rn_size = size; diff --git a/fs/rpmsgfs/rpmsgfs_client.c b/fs/rpmsgfs/rpmsgfs_client.c index 1811bcdb5e..d4c2d2bbf3 100644 --- a/fs/rpmsgfs/rpmsgfs_client.c +++ b/fs/rpmsgfs/rpmsgfs_client.c @@ -405,8 +405,7 @@ int rpmsgfs_client_open(FAR void *handle, FAR const char *pathname, uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(pathname) + 1; + len = sizeof(*msg) + strlen(pathname) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -418,7 +417,7 @@ int rpmsgfs_client_open(FAR void *handle, FAR const char *pathname, msg->flags = flags; msg->mode = mode; - strcpy(msg->pathname, pathname); + strlcpy(msg->pathname, pathname, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_OPEN, false, (struct rpmsgfs_header_s *)msg, len, NULL); @@ -651,8 +650,7 @@ FAR void *rpmsgfs_client_opendir(FAR void *handle, FAR const char *name) size_t len; int ret; - len = sizeof(*msg); - len += strlen(name) + 1; + len = sizeof(*msg) + strlen(name) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -662,7 +660,7 @@ FAR void *rpmsgfs_client_opendir(FAR void *handle, FAR const char *name) DEBUGASSERT(len <= space); - strcpy(msg->pathname, name); + strlcpy(msg->pathname, name, space - sizeof(*msg)); ret = rpmsgfs_send_recv(priv, RPMSGFS_OPENDIR, false, (struct rpmsgfs_header_s *)msg, len, NULL); @@ -761,8 +759,7 @@ int rpmsgfs_client_statfs(FAR void *handle, FAR const char *path, uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(path) + 1; + len = sizeof(*msg) + strlen(path) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -772,7 +769,7 @@ int rpmsgfs_client_statfs(FAR void *handle, FAR const char *path, DEBUGASSERT(len <= space); - strcpy(msg->pathname, path); + strlcpy(msg->pathname, path, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_STATFS, false, (struct rpmsgfs_header_s *)msg, len, buf); @@ -785,8 +782,7 @@ int rpmsgfs_client_unlink(FAR void *handle, FAR const char *pathname) uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(pathname) + 1; + len = sizeof(*msg) + strlen(pathname) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -796,7 +792,7 @@ int rpmsgfs_client_unlink(FAR void *handle, FAR const char *pathname) DEBUGASSERT(len <= space); - strcpy(msg->pathname, pathname); + strlcpy(msg->pathname, pathname, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_UNLINK, false, (struct rpmsgfs_header_s *)msg, len, NULL); @@ -810,8 +806,7 @@ int rpmsgfs_client_mkdir(FAR void *handle, FAR const char *pathname, uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(pathname) + 1; + len = sizeof(*msg) + strlen(pathname) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -820,7 +815,7 @@ int rpmsgfs_client_mkdir(FAR void *handle, FAR const char *pathname, } msg->mode = mode; - strcpy(msg->pathname, pathname); + strlcpy(msg->pathname, pathname, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_MKDIR, false, (struct rpmsgfs_header_s *)msg, len, NULL); @@ -833,8 +828,7 @@ int rpmsgfs_client_rmdir(FAR void *handle, FAR const char *pathname) uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(pathname) + 1; + len = sizeof(*msg) + strlen(pathname) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -844,7 +838,7 @@ int rpmsgfs_client_rmdir(FAR void *handle, FAR const char *pathname) DEBUGASSERT(len <= space); - strcpy(msg->pathname, pathname); + strlcpy(msg->pathname, pathname, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_RMDIR, false, (struct rpmsgfs_header_s *)msg, len, NULL); @@ -889,8 +883,7 @@ int rpmsgfs_client_stat(FAR void *handle, FAR const char *path, uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(path) + 1; + len = sizeof(*msg) + strlen(path) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -900,7 +893,7 @@ int rpmsgfs_client_stat(FAR void *handle, FAR const char *path, DEBUGASSERT(len <= space); - strcpy(msg->pathname, path); + strlcpy(msg->pathname, path, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_STAT, false, (struct rpmsgfs_header_s *)msg, len, buf); @@ -928,8 +921,7 @@ int rpmsgfs_client_chstat(FAR void *handle, FAR const char *path, uint32_t space; size_t len; - len = sizeof(*msg); - len += strlen(path) + 1; + len = sizeof(*msg) + strlen(path) + 1; msg = rpmsgfs_get_tx_payload_buffer(priv, &space); if (!msg) @@ -941,7 +933,7 @@ int rpmsgfs_client_chstat(FAR void *handle, FAR const char *path, msg->flags = flags; memcpy(&msg->buf, buf, sizeof(*buf)); - strcpy(msg->pathname, path); + strlcpy(msg->pathname, path, space - sizeof(*msg)); return rpmsgfs_send_recv(priv, RPMSGFS_CHSTAT, false, (struct rpmsgfs_header_s *)msg, len, NULL); diff --git a/fs/rpmsgfs/rpmsgfs_server.c b/fs/rpmsgfs/rpmsgfs_server.c index 92b3e51a71..672c579a69 100644 --- a/fs/rpmsgfs/rpmsgfs_server.c +++ b/fs/rpmsgfs/rpmsgfs_server.c @@ -600,6 +600,7 @@ static int rpmsgfs_readdir_handler(FAR struct rpmsg_endpoint *ept, FAR struct dirent *entry; int ret = -ENOENT; FAR void *dir; + size_t size; dir = rpmsgfs_get_dir(priv, msg->fd); if (dir) @@ -607,9 +608,12 @@ static int rpmsgfs_readdir_handler(FAR struct rpmsg_endpoint *ept, entry = readdir(dir); if (entry) { + size = MIN(rpmsg_virtio_get_buffer_size(ept->rdev), + rpmsg_virtio_get_rx_buffer_size(ept->rdev)); + size = MIN(size - len, strlen(entry->d_name) + 1); msg->type = entry->d_type; - strcpy(msg->name, entry->d_name); - len += strlen(entry->d_name) + 1; + strlcpy(msg->name, entry->d_name, size); + len += size; ret = 0; } } diff --git a/fs/vfs/fs_dir.c b/fs/vfs/fs_dir.c index 1f1ad3a5ba..18009db66a 100644 --- a/fs/vfs/fs_dir.c +++ b/fs/vfs/fs_dir.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -549,7 +550,7 @@ static int dir_ioctl(FAR struct file *filep, int cmd, unsigned long arg) if (cmd == FIOC_FILEPATH) { - strcpy((FAR char *)(uintptr_t)arg, dir->fd_path); + strlcpy((FAR char *)(uintptr_t)arg, dir->fd_path, PATH_MAX); ret = OK; } diff --git a/include/nuttx/net/netfilter/ip_tables.h b/include/nuttx/net/netfilter/ip_tables.h index 0828e36e68..f363b691a8 100644 --- a/include/nuttx/net/netfilter/ip_tables.h +++ b/include/nuttx/net/netfilter/ip_tables.h @@ -68,7 +68,8 @@ (e)->entry.target_offset = sizeof((e)->entry); \ (e)->entry.next_offset = sizeof(*(e)); \ (e)->target.target.u.target_size = sizeof(*(e)) - sizeof((e)->entry); \ - strcpy((e)->target.target.u.user.name, (target_name)); \ + strlcpy((e)->target.target.u.user.name, (target_name), \ + sizeof((e)->target.target.u.user.name)); \ } \ while(0) diff --git a/include/nuttx/wireless/bluetooth/bt_core.h b/include/nuttx/wireless/bluetooth/bt_core.h index fadff5e767..5e71dc8a03 100644 --- a/include/nuttx/wireless/bluetooth/bt_core.h +++ b/include/nuttx/wireless/bluetooth/bt_core.h @@ -196,11 +196,11 @@ static inline int bt_addr_le_to_str(FAR const bt_addr_le_t *addr, char *str, switch (addr->type) { case BT_ADDR_LE_PUBLIC: - strcpy(type, "public"); + strlcpy(type, "public", sizeof(type)); break; case BT_ADDR_LE_RANDOM: - strcpy(type, "random"); + strlcpy(type, "random", sizeof(type)); break; default: diff --git a/libs/libc/dirent/lib_nftw.c b/libs/libc/dirent/lib_nftw.c index 596d78176d..4f737429ec 100644 --- a/libs/libc/dirent/lib_nftw.c +++ b/libs/libc/dirent/lib_nftw.c @@ -201,7 +201,7 @@ do_nftw(FAR char *path, nftw_cb_t fn, int fdlimit, int flags, int level) return -1; } - strcpy(path + j, de->d_name); + strlcpy(path + j, de->d_name, PATH_MAX - j); r = do_nftw(path, fn, fdlimit - 1, flags, level + 1); if (r) { diff --git a/libs/libc/grp/lib_getgrbufr.c b/libs/libc/grp/lib_getgrbufr.c index 52b0aae0e0..b586d57b1b 100644 --- a/libs/libc/grp/lib_getgrbufr.c +++ b/libs/libc/grp/lib_getgrbufr.c @@ -64,6 +64,8 @@ int getgrbuf_r(gid_t gid, FAR const char *name, FAR const char *passwd, { size_t reqdlen; size_t padlen; + size_t namesize; + size_t passwdsize; /* In 'buf' a NULL pointer value will be stored, which must be naturally * aligned, followed by the null terminated group name string and the null @@ -71,8 +73,10 @@ int getgrbuf_r(gid_t gid, FAR const char *name, FAR const char *passwd, * sufficient buffer space was supplied by the caller. */ + namesize = strlen(name) + 1; + passwdsize = strlen(passwd) + 1; padlen = sizeof(FAR void *) - ((uintptr_t)buf % sizeof(FAR char *)); - reqdlen = sizeof(FAR void *) + strlen(name) + 1 + strlen(passwd) + 1; + reqdlen = sizeof(FAR void *) + namesize + passwdsize; if (buflen < padlen + reqdlen) { @@ -84,10 +88,10 @@ int getgrbuf_r(gid_t gid, FAR const char *name, FAR const char *passwd, grp->gr_mem = (FAR char **)&buf[padlen]; grp->gr_name = &buf[padlen + sizeof(FAR char *)]; - grp->gr_passwd = &buf[padlen + sizeof(FAR char *) + strlen(name) + 1]; + grp->gr_passwd = &buf[padlen + sizeof(FAR char *) + namesize]; - strcpy(grp->gr_name, name); - strcpy(grp->gr_passwd, passwd); + strlcpy(grp->gr_name, name, namesize); + strlcpy(grp->gr_passwd, passwd, passwdsize); grp->gr_gid = gid; *grp->gr_mem = NULL; diff --git a/libs/libc/misc/lib_envpath.c b/libs/libc/misc/lib_envpath.c index a0259eee22..0c4b3e7d81 100644 --- a/libs/libc/misc/lib_envpath.c +++ b/libs/libc/misc/lib_envpath.c @@ -84,6 +84,7 @@ ENVPATH_HANDLE envpath_init(FAR const char *name) { FAR struct envpath_s *envpath; FAR char *path; + size_t size; /* Get the value of the PATH variable */ @@ -99,8 +100,9 @@ ENVPATH_HANDLE envpath_init(FAR const char *name) /* Allocate a container for the PATH variable contents */ + size = strlen(path) + 1; envpath = (FAR struct envpath_s *) - lib_malloc(SIZEOF_ENVPATH_S(strlen(path) + 1)); + lib_malloc(SIZEOF_ENVPATH_S(size)); if (!envpath) { @@ -111,7 +113,7 @@ ENVPATH_HANDLE envpath_init(FAR const char *name) /* Populate the container */ - strcpy(envpath->path, path); + strlcpy(envpath->path, path, size); envpath->next = envpath->path; /* And return the containing cast to an opaque handle */ diff --git a/libs/libc/pwd/lib_getpwbufr.c b/libs/libc/pwd/lib_getpwbufr.c index f4d1effb77..26486b0bed 100644 --- a/libs/libc/pwd/lib_getpwbufr.c +++ b/libs/libc/pwd/lib_getpwbufr.c @@ -69,9 +69,16 @@ int getpwbuf_r(uid_t uid, gid_t gid, FAR const char *name, FAR char *buf, size_t buflen, FAR struct passwd **result) { size_t reqdlen; + size_t nsize; + size_t gsize; + size_t dsize; + size_t ssize; - reqdlen = strlen(name) + 1 + strlen(gecos) + 1 + strlen(dir) + 1 + - strlen(shell) + 1; + nsize = strlen(name) + 1; + gsize = strlen(gecos) + 1; + dsize = strlen(dir) + 1; + ssize = strlen(shell) + 1; + reqdlen = nsize + gsize + dsize + ssize; if (buflen < reqdlen) { @@ -82,16 +89,16 @@ int getpwbuf_r(uid_t uid, gid_t gid, FAR const char *name, } pwd->pw_name = buf; - pwd->pw_gecos = &buf[strlen(name) + 1]; - pwd->pw_dir = &buf[strlen(name) + strlen(gecos) + 2]; - pwd->pw_shell = &buf[strlen(name) + strlen(gecos) + strlen(dir) + 3]; + pwd->pw_gecos = &buf[nsize]; + pwd->pw_dir = &buf[nsize + gsize]; + pwd->pw_shell = &buf[nsize + gsize + dsize]; pwd->pw_uid = uid; pwd->pw_gid = gid; - strcpy(pwd->pw_name, name); - strcpy(pwd->pw_gecos, gecos); - strcpy(pwd->pw_dir, dir); - strcpy(pwd->pw_shell, shell); + strlcpy(pwd->pw_name, name, nsize); + strlcpy(pwd->pw_gecos, gecos, gsize); + strlcpy(pwd->pw_dir, dir, dsize); + strlcpy(pwd->pw_shell, shell, ssize); *result = pwd; return 0; diff --git a/libs/libc/stdlib/lib_openpty.c b/libs/libc/stdlib/lib_openpty.c index 747e010ab3..47db4128a0 100644 --- a/libs/libc/stdlib/lib_openpty.c +++ b/libs/libc/stdlib/lib_openpty.c @@ -28,6 +28,7 @@ #include #include #include +#include #include @@ -162,7 +163,7 @@ int openpty(FAR int *master, FAR int *slave, FAR char *name, if (name != NULL) { - strcpy(name, buf); + strlcpy(name, buf, NAME_MAX); } /* Configure the pseudo terminal slave */ diff --git a/libs/libc/string/lib_strdup.c b/libs/libc/string/lib_strdup.c index 90daaf5259..c22e5be6df 100644 --- a/libs/libc/string/lib_strdup.c +++ b/libs/libc/string/lib_strdup.c @@ -35,11 +35,12 @@ #undef strdup /* See mm/README.txt */ FAR char *strdup(FAR const char *s) { - FAR char *news = (FAR char *)lib_malloc(strlen(s) + 1); + size_t size = strlen(s) + 1; + FAR char *news = (FAR char *)lib_malloc(size); if (news) { - strcpy(news, s); + strlcpy(news, s, size); } return news; diff --git a/libs/libc/termios/lib_ttynamer.c b/libs/libc/termios/lib_ttynamer.c index 97dd6d1128..6eb7031012 100644 --- a/libs/libc/termios/lib_ttynamer.c +++ b/libs/libc/termios/lib_ttynamer.c @@ -79,7 +79,7 @@ int ttyname_r(int fd, FAR char *buf, size_t buflen) return ERANGE; } - strcpy(buf, name); + strlcpy(buf, name, buflen); return OK; } } diff --git a/libs/libc/time/lib_localtime.c b/libs/libc/time/lib_localtime.c index 8afebf1821..6faae1acd6 100644 --- a/libs/libc/time/lib_localtime.c +++ b/libs/libc/time/lib_localtime.c @@ -624,7 +624,7 @@ static int tzload(FAR const char *name, size_t namelen = strlen(name); const char tzdirslash[sizeof(TZDIR)] = TZDIR "/"; - if (sizeof(fullname) - sizeof(tzdirslash) <= namelen) + if (sizeof(lsp->fullname) - sizeof(tzdirslash) <= namelen) { goto oops; } @@ -635,7 +635,8 @@ static int tzload(FAR const char *name, */ memcpy(fullname, tzdirslash, sizeof(tzdirslash)); - strcpy(fullname + sizeof(tzdirslash), name); + strlcpy(fullname + sizeof(tzdirslash), name, + sizeof(lsp->fullname) - sizeof(tzdirslash)); /* Set doaccess if NAME contains a ".." file name * component, as such a name could read a file outside @@ -947,7 +948,7 @@ static int tzload(FAR const char *name, if (j + tsabbrlen < TZ_MAX_CHARS) { - strcpy(sp->chars + j, tsabbr); + strlcpy(sp->chars + j, tsabbr, sizeof(sp->chars) - j); charcnt = j + tsabbrlen + 1; ts->ttis[i].tt_desigidx = j; gotabbr++; @@ -2721,7 +2722,7 @@ static int zoneinit(FAR const char *name) g_lcl_ptr->goback = 0; g_lcl_ptr->goahead = 0; init_ttinfo(&g_lcl_ptr->ttis[0], 0, FALSE, 0); - strcpy(g_lcl_ptr->chars, g_utc); + strlcpy(g_lcl_ptr->chars, g_utc, sizeof(g_lcl_ptr->chars)); g_lcl_ptr->defaulttype = 0; return 0; } @@ -2792,7 +2793,7 @@ void tzset(void) zoneinit(""); } - strcpy(g_lcl_tzname, name); + strlcpy(g_lcl_tzname, name, sizeof(g_lcl_tzname)); tzname: settzname(); diff --git a/libs/libc/unistd/lib_getcwd.c b/libs/libc/unistd/lib_getcwd.c index 418253ec9d..15a9769f52 100644 --- a/libs/libc/unistd/lib_getcwd.c +++ b/libs/libc/unistd/lib_getcwd.c @@ -121,7 +121,7 @@ FAR char *getcwd(FAR char *buf, size_t size) /* Copy the cwd to the user buffer */ - strcpy(buf, pwd); + strlcpy(buf, pwd, size); return buf; } #endif /* !CONFIG_DISABLE_ENVIRON */ diff --git a/net/netfilter/ipt_sockopt.c b/net/netfilter/ipt_sockopt.c index 56e23bf3f9..52476c1670 100644 --- a/net/netfilter/ipt_sockopt.c +++ b/net/netfilter/ipt_sockopt.c @@ -362,7 +362,7 @@ FAR struct ipt_replace *ipt_alloc_table(FAR const char *table, return NULL; } - strcpy(repl->name, table); + strlcpy(repl->name, table, sizeof(repl->name)); repl->valid_hooks = valid_hooks; repl->num_entries = num_hooks + 1; repl->size = entry_size; @@ -386,7 +386,8 @@ FAR struct ipt_replace *ipt_alloc_table(FAR const char *table, } error_entry = (FAR struct ipt_error_entry_s *)entry; - strcpy(error_entry->target.errorname, XT_ERROR_TARGET); + strlcpy(error_entry->target.errorname, XT_ERROR_TARGET, + sizeof(error_entry->target.errorname)); IPT_FILL_ENTRY(error_entry, XT_ERROR_TARGET); return repl; diff --git a/sched/environ/env_dup.c b/sched/environ/env_dup.c index 9795666d07..5c65b23325 100644 --- a/sched/environ/env_dup.c +++ b/sched/environ/env_dup.c @@ -65,6 +65,7 @@ int env_dup(FAR struct task_group_s *group, FAR char * const *envcp) { FAR char **envp = NULL; size_t envc = 0; + size_t size; int ret = OK; DEBUGASSERT(group != NULL); @@ -112,7 +113,8 @@ int env_dup(FAR struct task_group_s *group, FAR char * const *envcp) while (envc-- > 0) { - envp[envc] = group_malloc(group, strlen(envcp[envc]) + 1); + size = strlen(envcp[envc]) + 1; + envp[envc] = group_malloc(group, size); if (envp[envc] == NULL) { while (envp[++envc] != NULL) @@ -125,7 +127,7 @@ int env_dup(FAR struct task_group_s *group, FAR char * const *envcp) break; } - strcpy(envp[envc], envcp[envc]); + strlcpy(envp[envc], envcp[envc], size); } } } diff --git a/sched/task/task_setup.c b/sched/task/task_setup.c index 1913881dc0..df0034e0fe 100644 --- a/sched/task/task_setup.c +++ b/sched/task/task_setup.c @@ -591,8 +591,9 @@ static int nxtask_setup_stackargs(FAR struct task_tcb_s *tcb, stackargv[0] = str; nbytes = strlen(name) + 1; - strcpy(str, name); + strlcpy(str, name, strtablen); str += nbytes; + strtablen -= nbytes; /* Copy each argument */ @@ -605,8 +606,9 @@ static int nxtask_setup_stackargs(FAR struct task_tcb_s *tcb, stackargv[i + 1] = str; nbytes = strlen(argv[i]) + 1; - strcpy(str, argv[i]); + strlcpy(str, argv[i], strtablen); str += nbytes; + strtablen -= nbytes; } /* Put a terminator entry at the end of the argv[] array. Then save the