Skip to content

Commit

Permalink
Minimize unsafe C functions usage - replace strcat() and strcpy()
Browse files Browse the repository at this point in the history 
Similar to 567b681 continue to replace use of strcat() and
strcpy() with safer options strncat() and strncpy().

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services
  • Loading branch information
@Chaloff @LinuxJedi
Chaloff authored and LinuxJedi committed Apr 20, 2023
1 parent 854e8b1 commit fc6e8a3
Show file tree
Hide file tree
Showing 7 changed files with 178 additions and 148 deletions.
26 changes: 14 additions & 12 deletions storage/connect/reldef.cpp
View file
Expand Up @@ -91,11 +91,11 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char* tab, char* db, bool info)
/* directories are used (to make this even remotely secure). */
/*********************************************************************/
if (check_valid_path(module, strlen(module))) {
strcpy(g->Message, "Module cannot contain a path");
safe_strcpy(g->Message, sizeof(g->Message), "Module cannot contain a path");
return NULL;
}
else if (strlen(subtype)+1+3 >= sizeof(getname)) {
strcpy(g->Message, "Subtype string too long");
safe_strcpy(g->Message, sizeof(g->Message), "Subtype string too long");
return NULL;
}
else
Expand All @@ -118,7 +118,8 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char* tab, char* db, bool info)
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
(LPTSTR)buf, sizeof(buf), NULL);
strcat(strcat(g->Message, ": "), buf);
safe_strcat(g->Message, sizeof(g->Message), ": ");
safe_strcat(g->Message, sizeof(g->Message), buf);
return NULL;
} // endif hDll

Expand Down Expand Up @@ -281,7 +282,7 @@ char *RELDEF::GetStringCatInfo(PGLOBAL g, PCSZ what, PCSZ sdef)
if (IsFileType(GetTypeID(ftype))) {
name= Hc->GetPartName();
sval= (char*)PlugSubAlloc(g, NULL, strlen(name) + 12);
strcat(strcpy(sval, name), ".");
snprintf(sval, strlen(name) + 12, "%s.", name);
n= strlen(sval);

// Fold ftype to lower case
Expand Down Expand Up @@ -622,12 +623,11 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
/* directories are used (to make this even remotely secure). */
/*********************************************************************/
if (check_valid_path(Module, strlen(Module))) {
strcpy(g->Message, "Module cannot contain a path");
safe_strcpy(g->Message, sizeof(g->Message), "Module cannot contain a path");
return NULL;
} else
// PlugSetPath(soname, Module, GetPluginDir()); // Crashes on Fedora
strncat(strcpy(soname, GetPluginDir()), Module,
sizeof(soname) - strlen(soname) - 1);
snprintf(soname, sizeof(soname), "%s%s", GetPluginDir(), Module);

#if defined(_WIN32)
// Is the DLL already loaded?
Expand All @@ -641,7 +641,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
(LPTSTR)buf, sizeof(buf), NULL);
strcat(strcat(g->Message, ": "), buf);
safe_strcat(g->Message, sizeof(g->Message), ": ");
safe_strcat(g->Message, sizeof(g->Message), buf);
return NULL;
} // endif hDll

Expand All @@ -661,7 +662,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
(LPTSTR)buf, sizeof(buf), NULL);
strcat(strcat(g->Message, ": "), buf);
safe_strcat(g->Message, sizeof(g->Message), ": ");
safe_strcat(g->Message, sizeof(g->Message), buf);
FreeLibrary((HMODULE)Hdll);
return NULL;
} // endif getdef
Expand Down Expand Up @@ -810,7 +812,7 @@ PTDB OEMDEF::GetTable(PGLOBAL g, MODE mode)
else
txfp = new(g) ZLBFAM(defp);
#else // !GZ_SUPPORT
strcpy(g->Message, "Compress not supported");
safe_strcpy(g->Message, sizeof(g->Message), "Compress not supported");
return NULL;
#endif // !GZ_SUPPORT
} else if (rfm == RECFM_VAR) {
Expand All @@ -833,7 +835,7 @@ PTDB OEMDEF::GetTable(PGLOBAL g, MODE mode)
else
txfp = new(g) VCTFAM((PVCTDEF)defp);
#else // !VCT_SUPPORT
strcpy(g->Message, "VCT no more supported");
safe_strcpy(g->Message, sizeof(g->Message), "VCT no more supported");
return NULL;
#endif // !VCT_SUPPORT
} // endif's
Expand Down Expand Up @@ -924,7 +926,7 @@ int COLDEF::Define(PGLOBAL g, void *, PCOLINFO cfp, int poff)
return -1;
} // endswitch

strcpy(F.Type, GetFormatType(Buf_Type));
safe_strcpy(F.Type, sizeof(F.Type), GetFormatType(Buf_Type));
F.Length = cfp->Length;
F.Prec = cfp->Scale;
Offset = (cfp->Offset < 0) ? poff : cfp->Offset;
Expand Down
47 changes: 24 additions & 23 deletions storage/connect/tabbson.cpp
View file
Expand Up @@ -39,6 +39,7 @@
#include "checklvl.h"
#include "resource.h"
#include "mycat.h" // for FNC_COL
#include "m_string.h"

/***********************************************************************/
/* This should be an option. */
Expand Down Expand Up @@ -80,7 +81,7 @@ PQRYRES BSONColumns(PGLOBAL g, PCSZ db, PCSZ dsn, PTOS topt, bool info)
} // endif info

if (GetIntegerTableOption(g, topt, "Multiple", 0)) {
strcpy(g->Message, "Cannot find column definition for multiple table");
safe_strcpy(g->Message, sizeof(g->Message), "Cannot find column definition for multiple table");
return NULL;
} // endif Multiple

Expand Down Expand Up @@ -206,7 +207,7 @@ int BSONDISC::GetColumns(PGLOBAL g, PCSZ db, PCSZ dsn, PTOS topt)
tdp->Uri = (dsn && *dsn ? dsn : NULL);

if (!tdp->Fn && !tdp->Uri) {
strcpy(g->Message, MSG(MISSING_FNAME));
safe_strcpy(g->Message, sizeof(g->Message), MSG(MISSING_FNAME));
return 0;
} else
topt->subtype = NULL;
Expand Down Expand Up @@ -318,7 +319,7 @@ int BSONDISC::GetColumns(PGLOBAL g, PCSZ db, PCSZ dsn, PTOS topt)

switch (tjnp->ReadDB(g)) {
case RC_EF:
strcpy(g->Message, "Void json table");
safe_strcpy(g->Message, sizeof(g->Message), "Void json table");
case RC_FX:
goto err;
default:
Expand All @@ -328,7 +329,7 @@ int BSONDISC::GetColumns(PGLOBAL g, PCSZ db, PCSZ dsn, PTOS topt)
} // endif pretty

if (!(row = (jsp) ? bp->GetObject(jsp) : NULL)) {
strcpy(g->Message, "Can only retrieve columns from object rows");
safe_strcpy(g->Message, sizeof(g->Message), "Can only retrieve columns from object rows");
goto err;
} // endif row

Expand Down Expand Up @@ -405,7 +406,7 @@ bool BSONDISC::Find(PGLOBAL g, PBVAL jvp, PCSZ key, int j)

if (jvp && !bp->IsJson(jvp)) {
if (JsonAllPath() && !fmt[bf])
strcat(fmt, colname);
safe_strcat(fmt, sizeof(fmt), colname);

jcol.Type = (JTYP)jvp->Type;

Expand Down Expand Up @@ -439,7 +440,7 @@ bool BSONDISC::Find(PGLOBAL g, PBVAL jvp, PCSZ key, int j)
jcol.Cbn = true;
} else if (j < lvl && !Stringified(strfy, colname)) {
if (!fmt[bf])
strcat(fmt, colname);
safe_strcat(fmt, sizeof(fmt), colname);

p = fmt + strlen(fmt);
jsp = jvp;
Expand Down Expand Up @@ -510,11 +511,11 @@ bool BSONDISC::Find(PGLOBAL g, PBVAL jvp, PCSZ key, int j)
} else if (lvl >= 0) {
if (Stringified(strfy, colname)) {
if (!fmt[bf])
strcat(fmt, colname);
safe_strcat(fmt, sizeof(fmt), colname);

strcat(fmt, ".*");
safe_strcat(fmt, sizeof(fmt), ".*");
} else if (JsonAllPath() && !fmt[bf])
strcat(fmt, colname);
safe_strcat(fmt, sizeof(fmt), colname);

jcol.Type = TYPE_STRG;
jcol.Len = sz;
Expand Down Expand Up @@ -961,7 +962,7 @@ PVAL BCUTIL::ExpandArray(PGLOBAL g, PBVAL arp, int n)
} // endif ars

if (!(bvp = GetArrayValue(arp, (nodes[n].Rx = nodes[n].Nx)))) {
strcpy(g->Message, "Logical error expanding array");
safe_strcpy(g->Message, sizeof(g->Message), "Logical error expanding array");
throw 666;
} // endif jvp

Expand Down Expand Up @@ -1146,7 +1147,7 @@ PBVAL BCUTIL::GetRow(PGLOBAL g)
} else if (row->Type == TYPE_JAR) {
AddArrayValue(row, (nwr = NewVal(type)));
} else {
strcpy(g->Message, "Wrong type when writing new row");
safe_strcpy(g->Message, sizeof(g->Message), "Wrong type when writing new row");
nwr = NULL;
} // endif's

Expand Down Expand Up @@ -1255,7 +1256,7 @@ PTDB BSONDEF::GetTable(PGLOBAL g, MODE m)
// Allocate the parse work memory
G = PlugInit(NULL, (size_t)Lrecl * (Pretty < 0 ? 3 : 5));
} else {
strcpy(g->Message, "LRECL is not defined");
safe_strcpy(g->Message, sizeof(g->Message), "LRECL is not defined");
return NULL;
} // endif Lrecl

Expand Down Expand Up @@ -1295,7 +1296,7 @@ PTDB BSONDEF::GetTable(PGLOBAL g, MODE m)
} else if (m == MODE_INSERT) {
txfp = new(g) ZIPFAM(this);
} else {
strcpy(g->Message, "UPDATE/DELETE not supported for ZIP");
safe_strcpy(g->Message, sizeof(g->Message), "UPDATE/DELETE not supported for ZIP");
return NULL;
} // endif's m
#else // !ZIP_SUPPORT
Expand Down Expand Up @@ -1325,10 +1326,10 @@ PTDB BSONDEF::GetTable(PGLOBAL g, MODE m)
if (m == MODE_READ || m == MODE_ANY || m == MODE_ALTER) {
txfp = new(g) UNZFAM(this);
} else if (m == MODE_INSERT) {
strcpy(g->Message, "INSERT supported only for zipped JSON when pretty=0");
safe_strcpy(g->Message, sizeof(g->Message), "INSERT supported only for zipped JSON when pretty=0");
return NULL;
} else {
strcpy(g->Message, "UPDATE/DELETE not supported for ZIP");
safe_strcpy(g->Message, sizeof(g->Message), "UPDATE/DELETE not supported for ZIP");
return NULL;
} // endif's m
#else // !ZIP_SUPPORT
Expand Down Expand Up @@ -1661,7 +1662,7 @@ bool TDBBSN::PrepareWriting(PGLOBAL g)
strcat(s, ",");

if ((signed)strlen(s) > Lrecl) {
strncpy(To_Line, s, Lrecl);
safe_strcpy(To_Line, Lrecl, s);
snprintf(g->Message, sizeof(g->Message), "Line truncated (lrecl=%d)", Lrecl);
return PushWarning(g, this);
} else
Expand Down Expand Up @@ -1764,7 +1765,7 @@ bool BSONCOL::CheckExpand(PGLOBAL g, int i, PSZ nm, bool b)
Xpd = true; // Expandable object
Nodes[i].Op = OP_EXP;
} else if (b) {
strcpy(g->Message, "Cannot expand more than one branch");
safe_strcpy(g->Message, sizeof(g->Message), "Cannot expand more than one branch");
return true;
} // endif Xcol

Expand Down Expand Up @@ -1975,7 +1976,7 @@ bool BSONCOL::ParseJpath(PGLOBAL g)
if (SetArrayOptions(g, p, i, Nodes[i - 1].Key))
return true;
else if (Xpd && Tbp->Mode == MODE_DELETE) {
strcpy(g->Message, "Cannot delete expanded columns");
safe_strcpy(g->Message, sizeof(g->Message), "Cannot delete expanded columns");
return true;
} // endif Xpd

Expand Down Expand Up @@ -2096,7 +2097,7 @@ void BSONCOL::ReadColumn(PGLOBAL g)
void BSONCOL::WriteColumn(PGLOBAL g)
{
if (Xpd && Tbp->Pretty < 2) {
strcpy(g->Message, "Cannot write expanded column when Pretty is not 2");
safe_strcpy(g->Message, sizeof(g->Message), "Cannot write expanded column when Pretty is not 2");
throw 666;
} // endif Xpd

Expand Down Expand Up @@ -2126,7 +2127,7 @@ void BSONCOL::WriteColumn(PGLOBAL g)
char *s = Value->GetCharValue();

if (!(jsp = Cp->ParseJson(g, s, strlen(s)))) {
strcpy(g->Message, s);
safe_strcpy(g->Message, sizeof(g->Message), s);
throw 666;
} // endif jsp

Expand Down Expand Up @@ -2312,7 +2313,7 @@ int TDBBSON::MakeDocument(PGLOBAL g)
if (!a && *p && *p != '[' && !IsNum(p)) {
// obj is a key
if (jsp->Type != TYPE_JOB) {
strcpy(g->Message, "Table path does not match the json file");
safe_strcpy(g->Message, sizeof(g->Message), "Table path does not match the json file");
return RC_FX;
} // endif Type

Expand All @@ -2338,7 +2339,7 @@ int TDBBSON::MakeDocument(PGLOBAL g)
} // endif p

if (jsp->Type != TYPE_JAR) {
strcpy(g->Message, "Table path does not match the json file");
safe_strcpy(g->Message, sizeof(g->Message), "Table path does not match the json file");
return RC_FX;
} // endif Type

Expand Down Expand Up @@ -2432,7 +2433,7 @@ void TDBBSON::ResetSize(void)
int TDBBSON::MakeIndex(PGLOBAL g, PIXDEF pxdf, bool)
{
if (pxdf) {
strcpy(g->Message, "JSON not indexable when pretty = 2");
safe_strcpy(g->Message, sizeof(g->Message), "JSON not indexable when pretty = 2");
return RC_FX;
} else
return RC_OK;
Expand Down

0 comments on commit fc6e8a3

Please sign in to comment.