diff --git a/qrexec/qrexec-agent.c b/qrexec/qrexec-agent.c index 46e5566..f9b4ff7 100644 --- a/qrexec/qrexec-agent.c +++ b/qrexec/qrexec-agent.c @@ -382,7 +382,7 @@ int try_fork_server(int type, int connect_domain, int connect_port, remote.sun_family = AF_UNIX; strncpy(remote.sun_path, fork_server_socket_path, - sizeof(remote.sun_path)); + sizeof(remote.sun_path) - 1); free(fork_server_socket_path); if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { diff --git a/qrexec/qrexec-client-vm.c b/qrexec/qrexec-client-vm.c index ff8a728..0065d00 100644 --- a/qrexec/qrexec-client-vm.c +++ b/qrexec/qrexec-client-vm.c @@ -55,7 +55,7 @@ int connect_unix_socket(char *path) remote.sun_family = AF_UNIX; strncpy(remote.sun_path, path, - sizeof(remote.sun_path)); + sizeof(remote.sun_path) - 1); len = strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(s, (struct sockaddr *) &remote, len) == -1) { perror("connect"); @@ -135,11 +135,11 @@ int main(int argc, char **argv) trigger_fd = connect_unix_socket(QREXEC_AGENT_TRIGGER_PATH); memset(¶ms, 0, sizeof(params)); - strncpy(params.service_name, argv[optind + 1], sizeof(params.service_name)); + strncpy(params.service_name, argv[optind + 1], sizeof(params.service_name) - 1); convert_target_name_keyword(argv[optind]); strncpy(params.target_domain, argv[optind], - sizeof(params.target_domain)); + sizeof(params.target_domain) - 1); snprintf(params.request_id.ident, sizeof(params.request_id.ident), "SOCKET"); diff --git a/qubes-rpc/qopen-in-vm.c b/qubes-rpc/qopen-in-vm.c index 4e311b8..43cf854 100644 --- a/qubes-rpc/qopen-in-vm.c +++ b/qubes-rpc/qopen-in-vm.c @@ -26,7 +26,8 @@ void send_file(const char *fname) base++; if (strlen(base) >= DVM_FILENAME_SIZE) base += strlen(base) - DVM_FILENAME_SIZE + 1; - strncpy(sendbuf,base,DVM_FILENAME_SIZE); /* fills out with NULs */ + strncpy(sendbuf,base,DVM_FILENAME_SIZE - 1); /* fills out with NULs */ + sendbuf[DVM_FILENAME_SIZE - 1] = '\0'; if (!write_all(1, sendbuf, DVM_FILENAME_SIZE)) gui_fatal("send filename to dispVM"); if (!copy_fd_all(1, fd)) diff --git a/qubes-rpc/tar2qfile.c b/qubes-rpc/tar2qfile.c index a88c02d..b0786d2 100644 --- a/qubes-rpc/tar2qfile.c +++ b/qubes-rpc/tar2qfile.c @@ -708,6 +708,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s // Split the path in directories and recompose it incrementally char * last_token = strtok(dirbuf,"/"); char * token = strtok(NULL, "/"); + size_t len_last_token = 0; while (token != NULL) { #ifdef DEBUG @@ -715,21 +716,22 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s #endif // Recompose the path based on last discovered directory + len_last_token = strlen(last_token); if (path == NULL) { - path = malloc(sizeof (char) * (strlen(last_token)+1)); + path = malloc(sizeof (char) * (len_last_token+1)); if (path == NULL) return MEMORY_ALLOC_FAILED; - path = strncpy(path, last_token, strlen(last_token)); - path[strlen(last_token)] = '\0'; + path = memcpy(path, last_token, len_last_token); + path[len_last_token] = '\0'; } else { pathsize = strlen(path); - path = realloc(path, sizeof (char) * (strlen(path)+1+strlen(last_token)+1)); + path = realloc(path, sizeof (char) * (strlen(path)+1+len_last_token+1)); if (path == NULL) return MEMORY_ALLOC_FAILED; path[pathsize] = '/'; - strncpy(path+pathsize+1, last_token, strlen(last_token)); - path[pathsize+strlen(last_token)+1] = '\0'; + memcpy(path+pathsize+1, last_token, len_last_token); + path[pathsize+len_last_token+1] = '\0'; } #ifdef DEBUG fprintf(stderr,"Path is %s\n",path); @@ -762,7 +764,8 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s dirs_headers_sent[n_dirs-1] = malloc(sizeof (char) * (strlen(path)+1)); if (dirs_headers_sent[n_dirs-1] == NULL) return MEMORY_ALLOC_FAILED; - strncpy(dirs_headers_sent[n_dirs-1], path, strlen(path)+1); + + memcpy(dirs_headers_sent[n_dirs-1], path, strlen(path)+1); // Initialize the qfile headers for the current directory path dir_header.namelen = strlen(path)+1;