authorNick Mathewson <nickm@torproject.org>2004-03-17 07:28:09 +0000
committerNick Mathewson <nickm@torproject.org>2004-03-17 07:28:09 +0000
commit971b002d935155abd56d0b01fe5e284f63439b99 (patch)
treec31c349097cf981b9294f226534608b750c83f92
parentd9a8e317e435222da6dd670049b1f73654bbcca2 (diff)
Include strlcpy and strlcat where not available, so our string ops can be less error-prone.
svn:r1289
-rw-r--r--configure.in1
-rw-r--r--doc/tor-spec.txt2
-rw-r--r--src/common/Makefile.am1
-rw-r--r--src/common/strlcat.c73
-rw-r--r--src/common/strlcpy.c64
-rw-r--r--src/common/util.c14
-rw-r--r--src/common/util.h3
7 files changed, 152 insertions, 6 deletions
diff --git a/configure.in b/configure.in
index 67027b56e7..b6b12fc46f 100644
--- a/configure.in
+++ b/configure.in
@@ -137,6 +137,7 @@ dnl These headers are not essential
AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/wait.h netinet/in.h arpa/inet.h)
AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime)
+AC_REPLACE_FUNCS(strlcat strlcpy)
dnl In case we aren't given a working stdint.h, we'll need to grow our own.
dnl Watch out.
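Review bot: `AC_REPLACE_FUNCS(strlcat strlcpy)` does more than this commit uses: besides defining `HAVE_STRLCAT`/`HAVE_STRLCPY`, it adds the missing functions' object files to `LIBOBJS`. The replacements are instead pulled in by `#include "strlcpy.c"` / `#include "strlcat.c"` in util.c, and the Makefile.am hunk in this commit only drops a blank line. As far as the visible lines show, nothing consumes `LIBOBJS` and the two new `.c` files are not listed for distribution. If that holds for the rest of Makefile.am, a release tarball would lack the fallback sources on exactly the platforms that need them. Either use `AC_CHECK_FUNCS(strlcat strlcpy)` here and add `EXTRA_DIST = strlcat.c strlcpy.c` in src/common/Makefile.am, or wire `$(LIBOBJS)` into the library and drop the `#include`s.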
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index d296215c8a..4d65739939 100644
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -521,7 +521,7 @@ Every Item begins with a KeywordLine, followed by one or more Objects. A
KeywordLine begins with a Keyword, optionally followed by a space and more
non-newline characters, and ends with a newline. A Keyword is a sequence of
one or more characters in the set [A-Za-z0-9-]. An Object is a block of
-PGP-encrypted data in Open-PGP-style armor.
+encoded data in pseudo-Open-PGP-style armor. (cf. RFC 2440)
More formally:
diff --git a/src/common/Makefile.am b/src/common/Makefile.am
index 7bd90b0bf4..144cc6e8fb 100644
--- a/src/common/Makefile.am
+++ b/src/common/Makefile.am
@@ -6,4 +6,3 @@ noinst_LIBRARIES = libor.a
libor_a_SOURCES = log.c crypto.c fakepoll.c util.c aes.c tortls.c
noinst_HEADERS = log.h crypto.h fakepoll.h test.h util.h aes.h torint.h tortls.h
-
diff --git a/src/common/strlcat.c b/src/common/strlcat.c
new file mode 100644
index 0000000000..b309648155
--- /dev/null
+++ b/src/common/strlcat.c
@@ -0,0 +1,73 @@
+/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left). At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return(dlen + strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(dlen + (s - src)); /* count does not include NUL */
+}
diff --git a/src/common/strlcpy.c b/src/common/strlcpy.c
new file mode 100644
index 0000000000..2448ec06c8
--- /dev/null
+++ b/src/common/strlcpy.c
@@ -0,0 +1,64 @@
+/* $Id$ */
+/* $OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $ */
+
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strlcpy.c,v 1.2 1998/11/06 04:33:16 wvdputte Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Copy src to string dst of size siz. At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t strlcpy(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ register char *d = dst;
+ register const char *s = src;
+ register size_t n = siz;
+
+ if (n == 0)
+ return(strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(s - src); /* count does not include NUL */
+}
diff --git a/src/common/util.c b/src/common/util.c
index 9194602bd1..87cdd97ce7 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -8,6 +8,13 @@
#include <sys/utsname.h>
#endif
+#ifndef HAVE_STRLCPY
+#include "strlcpy.c"
+#endif
+#ifndef HAVE_STRLCAT
+#include "strlcat.c"
+#endif
+
/*
* Memory wrappers
*/
@@ -568,12 +575,11 @@ write_str_to_file(const char *fname, const char *str)
char tempname[1024];
int fd;
FILE *file;
- if (strlen(fname) > 1000) {
- log(LOG_WARN, "Filename %s is too long.", fname);
+ if ((strlcpy(tempname,fname,1024) >= 1024) ||
+ (strlcat(tempname,".tmp",1024) >= 1024)) {
+ log(LOG_WARN, "Filename %s.tmp too long (>1024 chars)", fname);
return -1;
}
- strcpy(tempname,fname);
- strcat(tempname,".tmp");
if ((fd = open(tempname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
log(LOG_WARN, "Couldn't open %s for writing: %s", tempname,
strerror(errno));
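Review bot: The new bounds check hard-codes `1024` four times, separately from the `char tempname[1024]` declaration, so a later change to the buffer size would silently reintroduce an overflow or a bogus truncation result. Tie them together with `sizeof`: `if ((strlcpy(tempname,fname,sizeof(tempname)) >= sizeof(tempname)) ||` and `(strlcat(tempname,".tmp",sizeof(tempname)) >= sizeof(tempname))) {`. Separately, the unchanged `open()` below creates the predictable `<fname>.tmp` with `O_CREAT|O_TRUNC` and no `O_EXCL`, so it will follow and truncate whatever already exists at that path. That is only safe if the target directory is writable solely by the Tor user, which cannot be confirmed from this hunk. The body of write_str_to_file continues outside the hunk.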
diff --git a/src/common/util.h b/src/common/util.h
index 63d55c6fe4..f9b2b90eb5 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -32,6 +32,9 @@
#define INLINE inline
#endif
+size_t strlcat(char *dst, const char *src, size_t siz);
+size_t strlcpy(char *dst, const char *src, size_t siz);
+
void *tor_malloc(size_t size);
void *tor_malloc_zero(size_t size);
void *tor_realloc(void *ptr, size_t size);
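Review bot: The `strlcat` and `strlcpy` prototypes added here are declared unconditionally, while the definitions in util.c are compiled only under `#ifndef HAVE_STRLCPY` / `#ifndef HAVE_STRLCAT`. On a platform whose libc already provides these functions, this redeclares a library symbol, which fails to compile if the system header implements it as a macro or declares it with a different signature. Wrap each prototype in the matching guard, e.g. `#ifndef HAVE_STRLCPY` around the `strlcpy` line. A one-line comment such as `/* Return value >= siz means the result was truncated. */` would also help, since callers like write_str_to_file rely on that contract.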