summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/buffers.c9
-rw-r--r--src/or/circuituse.c2
-rw-r--r--src/or/connection_edge.c8
-rw-r--r--src/or/directory.c5
-rw-r--r--src/or/dirserv.c2
-rw-r--r--src/or/dns.c2
-rw-r--r--src/or/rendcommon.c2
-rw-r--r--src/or/rendservice.c6
-rw-r--r--src/or/rephist.c2
-rw-r--r--src/or/routerlist.c2
10 files changed, 22 insertions, 18 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 350d922f74..a4b429f2ed 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -506,7 +506,7 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
(int)strlen(tmpbuf)+1,(int)MAX_SOCKS_ADDR_LEN);
return -1;
}
- strcpy(req->address,tmpbuf);
+ strlcpy(req->address,tmpbuf,sizeof(req->address));
req->port = ntohs(*(uint16_t*)(buf->mem+8));
buf_remove_from_front(buf, 10);
if(!have_warned_about_unsafe_socks) {
@@ -594,7 +594,8 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
}
}
log_fn(LOG_DEBUG,"socks4: Everything is here. Success.");
- strcpy(req->address, socks4_prot == socks4 ? tmpbuf : startaddr);
+ strlcpy(req->address, socks4_prot == socks4 ? tmpbuf : startaddr,
+ sizeof(req->address));
/* XXX on very old netscapes (socks4) the next line triggers an
* assert, because next-buf->mem+1 is greater than buf->datalen.
*/
@@ -605,7 +606,7 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
case 'H': /* head */
case 'P': /* put/post */
case 'C': /* connect */
- strcpy(req->reply,
+ strlcpy(req->reply,
"HTTP/1.0 501 Tor is not an HTTP Proxy\r\n"
"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
"<html>\n"
@@ -625,7 +626,7 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
"</p>\n"
"</body>\n"
"</html>\n"
-);
+ , MAX_SOCKS_REPLY_LEN);
req->replylen = strlen(req->reply)+1;
/* fall through */
default: /* version is not socks4 or socks5 */
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index c373c366f7..6ec7a640bb 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -717,7 +717,7 @@ circuit_get_open_circ_or_launch(connection_t *conn,
if(circ &&
(desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)) {
/* then write the service_id into circ */
- strcpy(circ->rend_query, conn->rend_query);
+ strlcpy(circ->rend_query, conn->rend_query, sizeof(circ->rend_query));
}
}
if(!circ)
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index ed2b7f15e6..6db4b5237a 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -419,7 +419,7 @@ static int connection_ap_handshake_process_socks(connection_t *conn) {
return 0;
}
- strcpy(conn->rend_query, socks->address); /* this strcpy is safe -RD */
+ strlcpy(conn->rend_query, socks->address, sizeof(conn->rend_query));
log_fn(LOG_INFO,"Got a hidden service request for ID '%s'", conn->rend_query);
/* see if we already have it cached */
r = rend_cache_lookup_entry(conn->rend_query, &entry);
@@ -594,7 +594,8 @@ int connection_ap_make_bridge(char *address, uint16_t port) {
/* leave version at zero, so the socks_reply is empty */
conn->socks_request->socks_version = 0;
conn->socks_request->has_finished = 0; /* waiting for 'connected' */
- strcpy(conn->socks_request->address, address);
+ strlcpy(conn->socks_request->address, address,
+ sizeof(conn->socks_request->address));
conn->socks_request->port = port;
conn->socks_request->command = SOCKS_COMMAND_CONNECT;
@@ -775,7 +776,8 @@ int connection_exit_begin_conn(cell_t *cell, circuit_t *circ) {
log_fn(LOG_DEBUG,"begin is for rendezvous. configuring stream.");
n_stream->address = tor_strdup("(rendezvous)");
n_stream->state = EXIT_CONN_STATE_CONNECTING;
- strcpy(n_stream->rend_query, circ->rend_query);
+ strlcpy(n_stream->rend_query, circ->rend_query,
+ sizeof(n_stream->rend_query));
tor_assert(connection_edge_is_rendezvous_stream(n_stream));
assert_circuit_ok(circ);
if(rend_service_set_connection_addr_port(n_stream, circ) < 0) {
diff --git a/src/or/directory.c b/src/or/directory.c
index 0418b7b7e7..7b5b7fafd7 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -429,9 +429,8 @@ parse_http_url(char *headers, char **url)
if(s-start < 5 || strcmpstart(start,"/tor/")) { /* need to rewrite it */
*url = tor_malloc(s - start + 5);
- strcpy(*url,"/tor");
- strlcpy((*url)+4, start, s-start+1);
- (*url)[s-start+4] = 0; /* null terminate it */
+ strlcpy(*url,"/tor", s-start+5);
+ strlcat((*url)+4, start, s-start+1);
} else {
*url = tor_strndup(start, s-start);
}
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 06d1a5a81d..725bc1d977 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -476,7 +476,7 @@ list_single_server_status(descriptor_entry_t *desc, int is_live,
*cp++ = '!';
}
if (desc->verified) {
- strcpy(cp, desc->nickname);
+ strlcpy(cp, desc->nickname, sizeof(buf)-(cp-buf));
cp += strlen(cp);
if (!rr_format)
*cp++ = '=';
diff --git a/src/or/dns.c b/src/or/dns.c
index b097c1d24a..728845f260 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -159,7 +159,7 @@ static void send_resolved_cell(connection_t *conn, uint8_t answer_type)
case RESOLVED_TYPE_ERROR_TRANSIENT:
case RESOLVED_TYPE_ERROR:
buf[1] = 24; /* length of "error resolving hostname" */
- strcpy(buf+2, "error resolving hostname");
+ strlcpy(buf+2, "error resolving hostname", buf-2);
buflen = 26;
break;
default:
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 6ee99bc667..1db2aa55fe 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -68,7 +68,7 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc,
cp += 2;
for (i=0; i < desc->n_intro_points; ++i) {
ipoint = (char*)desc->intro_points[i];
- strcpy(cp, ipoint);
+ strlcpy(cp, ipoint, *len_out-(cp-*str_out));
cp += strlen(ipoint)+1;
}
i = crypto_pk_private_sign_digest(key, *str_out, cp-*str_out, cp);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 9ca1f8a390..c5bdd53438 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -459,7 +459,8 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l
memcpy(launched->rend_pk_digest, circuit->rend_pk_digest,
DIGEST_LEN);
memcpy(launched->rend_cookie, r_cookie, REND_COOKIE_LEN);
- strcpy(launched->rend_query, service->service_id);
+ strlcpy(launched->rend_query, service->service_id,
+ sizeof(launched->rend_query));
launched->build_state->pending_final_cpath = cpath =
tor_malloc_zero(sizeof(crypt_path_t));
@@ -539,7 +540,8 @@ rend_service_launch_establish_intro(rend_service_t *service, const char *nicknam
nickname);
return -1;
}
- strcpy(launched->rend_query, service->service_id);
+ strlcpy(launched->rend_query, service->service_id,
+ sizeof(launched->rend_query));
memcpy(launched->rend_pk_digest, service->pk_digest, DIGEST_LEN);
return 0;
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 9a99442cd2..506264928a 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -267,7 +267,7 @@ void rep_hist_dump_stats(time_t now, int severity)
upt, upt+downt, uptime*100.0);
if (!strmap_isempty(or_history->link_history_map)) {
- strcpy(buffer, " Good extend attempts: ");
+ strlcpy(buffer, " Good extend attempts: ", sizeof(buffer));
len = strlen(buffer);
for (lhist_it = strmap_iter_init(or_history->link_history_map);
!strmap_iter_done(lhist_it);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index f83d7789a9..37c6cb7e51 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1115,7 +1115,7 @@ int routers_update_status_from_entry(smartlist_t *routers,
strlen(cp), s);
return -1;
}
- strcpy(hexdigest, cp);
+ strlcpy(hexdigest, cp, sizeof(hexdigest));
if (base16_decode(digest, DIGEST_LEN, hexdigest, HEX_DIGEST_LEN)<0) {
log_fn(LOG_WARN, "Invalid digest in router status entry (%s)", s);
return -1;
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion