From 086742474919ea885884da5af4f78231153d96cd Mon Sep 17 00:00:00 2001
From: def
Date: Mon, 12 Oct 2020 18:31:55 +0200
Subject: [PATCH] Fix clang-analyzer-security.insecureAPI.strcpy

/media/ddnet/src/engine/server/sql_string_helpers.cpp:74:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
---
 src/engine/server/sql_string_helpers.cpp | 10 +++++-----
 src/engine/server/sql_string_helpers.h | 2 +-
 src/game/server/score.cpp | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/engine/server/sql_string_helpers.cpp b/src/engine/server/sql_string_helpers.cpp
index e07457dd4..1164abdc3 100644
--- a/src/engine/server/sql_string_helpers.cpp
+++ b/src/engine/server/sql_string_helpers.cpp
@@ -40,7 +40,7 @@ int sqlstr::EscapeLike(char *pDst, const char *pSrc, int DstSize)
 return DstPos;
 }
-void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
+void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString, int Size)
 {
 char aBuf[20];
 int aTimes[7] =
@@ -71,7 +71,7 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
 for(i = 0; i < 7; i++)
 {
 Seconds = aTimes[i];
- strcpy(aName, aaNames[i]);
+ str_copy(aName, aaNames[i], sizeof(aName));
 Count = floor((float)AgoTime / (float)Seconds);
 if(Count != 0)
@@ -88,14 +88,14 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
 {
 str_format(aBuf, sizeof(aBuf), "%d %ss", Count, aName);
 }
- strcat(pAgoString, aBuf);
+ str_append(pAgoString, aBuf, Size);
 if(i + 1 < 7)
 {
 // getting second piece now
 int Seconds2 = aTimes[i + 1];
 char aName2[6];
- strcpy(aName2, aaNames[i + 1]);
+ str_copy(aName2, aaNames[i + 1], sizeof(aName2));
 // add second piece if it's greater than 0
 int Count2 = floor((float)(AgoTime - (Seconds * Count)) / (float)Seconds2);
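Review bot: `Size` is forwarded unchanged to the `str_append` calls in the -88 and -110 hunks, which append to whatever `pAgoString` already holds, so the function still depends on every caller having NUL-terminated the destination before the call — the score.cpp hunks do this with `char aAgoString[40] = "\0";`, but for the -399 and -1550 call sites that initialisation lies outside the hunk and cannot be confirmed here. If no caller relies on appending to existing content, `pAgoString[0] = '\0';` as the first statement of the function would remove that dependency on caller discipline. For consistency with `EscapeLike(char *pDst, const char *pSrc, int DstSize)` on the hunk header, the new parameter would read better as `DstSize`. The rest of AgoTimeToString's body lies outside this hunk.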
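Review bot: The bounded copy into `aName` now truncates silently if any entry of `aaNames` is longer than the local buffer (`aName2` is declared `char aName2[6]` in the next hunk, so `aName` is presumably the same size), which would quietly produce a wrong unit name where the old strcpy would have overflowed. Both outcomes are avoidable because the copy is unnecessary: the name is only read by `str_format` via `%s`, so `aaNames[i]` can be passed there directly and the `str_copy` line dropped. The same applies to the `aName2` copy in the -88 hunk. `aName` and `aaNames` are declared outside this hunk, so their exact types are not visible here.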
@@ -110,7 +110,7 @@ void sqlstr::AgoTimeToString(int AgoTime, char *pAgoString)
 {
 str_format(aBuf, sizeof(aBuf), " and %d %ss", Count2, aName2);
 }
- strcat(pAgoString, aBuf);
+ str_append(pAgoString, aBuf, Size);
 }
 }
 }
diff --git a/src/engine/server/sql_string_helpers.h b/src/engine/server/sql_string_helpers.h
index 27557c9f3..1ec640593 100644
--- a/src/engine/server/sql_string_helpers.h
+++ b/src/engine/server/sql_string_helpers.h
@@ -8,7 +8,7 @@ void FuzzyString(char *pString, int size);
 // written number of added bytes
 int EscapeLike(char *pDst, const char *pSrc, int DstSize);
-void AgoTimeToString(int agoTime, char *pAgoString);
+void AgoTimeToString(int agoTime, char *pAgoString, int Size);
 } // namespace sqlstr
diff --git a/src/game/server/score.cpp b/src/game/server/score.cpp
index 56a9a75b5..a06c1e3ff 100644
--- a/src/game/server/score.cpp
+++ b/src/game/server/score.cpp
@@ -399,7 +399,7 @@ bool CScore::MapInfoThread(IDbConnection *pSqlServer, const ISqlData *pGameData)
 char aReleasedString[60] = "\0";
 if(Stamp != 0)
 {
- sqlstr::AgoTimeToString(Ago, aAgoString);
+ sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
 str_format(aReleasedString, sizeof(aReleasedString), ", released %s ago", aAgoString);
 }
@@ -986,7 +986,7 @@ bool CScore::ShowTimesThread(IDbConnection *pSqlServer, const ISqlData *pGameDat
 int Stamp = pSqlServer->GetInt(3);
 char aAgoString[40] = "\0";
- sqlstr::AgoTimeToString(Ago, aAgoString);
+ sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
 if(pData->m_Name[0] != '\0') // last 5 times of a player
 {
@@ -1550,7 +1550,7 @@ bool CScore::GetSavesThread(IDbConnection *pSqlServer, const ISqlData *pGameData
 char aLastSavedString[60] = "\0";
 if(Ago)
 {
- sqlstr::AgoTimeToString(Ago, aAgoString);
+ sqlstr::AgoTimeToString(Ago, aAgoString, sizeof(aAgoString));
 str_format(aLastSavedString, sizeof(aLastSavedString), ", last saved %s ago", aAgoString);
 }
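Review bot: The new declaration of `AgoTimeToString` in the sql_string_helpers.h hunk is undocumented while the neighbouring `EscapeLike` carries a comment, and its contract is not obvious from the signature: the implementation appends to `pAgoString` rather than overwriting it, so the destination must be NUL-terminated on entry, and `Size` is the full size of the destination buffer (the score.cpp callers pass `sizeof(aAgoString)`). A comment above the declaration such as `// appends the human-readable age (e.g. "3 days and 2 hours") to pAgoString, which must be NUL-terminated on entry; Size is the full destination buffer size` would make that explicit. The declaration also still names the first parameter `agoTime` while the definition uses `AgoTime`; aligning them while the line is being touched would be cheap.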