From 2e73ead9960f7266c28414b63ab2af673f4cd8d6 Mon Sep 17 00:00:00 2001 From: akallabeth Date: Wed, 18 Sep 2024 23:53:44 +0200 Subject: [PATCH] [c stdlib] replace strlen/strcpy/strcmp Use length checking versions if possible. Also replaces the wide character versions and TCHAR versions --- client/common/man/generate_argument_manpage.c | 2 +- winpr/include/winpr/tchar.h | 4 ++++ winpr/libwinpr/comm/comm.c | 9 ++++---- winpr/libwinpr/comm/test/TestCommDevice.c | 14 ++++++------ .../TestEnvironmentGetEnvironmentStrings.c | 18 +++++++-------- .../libwinpr/file/test/TestFileFindNextFile.c | 8 +++---- .../path/test/TestPathCchAddBackslash.c | 14 ++++++------ .../path/test/TestPathCchAddBackslashEx.c | 14 ++++++------ .../path/test/TestPathCchAddExtension.c | 22 +++++++++---------- winpr/libwinpr/path/test/TestPathCchAppend.c | 22 +++++++++---------- .../path/test/TestPathCchStripPrefix.c | 22 +++++++++---------- winpr/libwinpr/path/test/TestPathIsUNCEx.c | 8 +++---- winpr/libwinpr/sspi/Kerberos/kerberos.c | 2 +- winpr/libwinpr/sspi/Negotiate/negotiate.c | 10 ++++----- 14 files changed, 86 insertions(+), 83 deletions(-) diff --git a/client/common/man/generate_argument_manpage.c b/client/common/man/generate_argument_manpage.c index 08889b031..7c74a4315 100644 --- a/client/common/man/generate_argument_manpage.c +++ b/client/common/man/generate_argument_manpage.c @@ -35,7 +35,7 @@ static char* append(char** buffer, size_t* size, const char* str) if (!resize(buffer, size, required - *size)) return NULL; } - strcat(*buffer, str); + strncpy(&(*buffer)[len], str, add); return *buffer; } diff --git a/winpr/include/winpr/tchar.h b/winpr/include/winpr/tchar.h index 51283522f..7bc613ca6 100644 --- a/winpr/include/winpr/tchar.h +++ b/winpr/include/winpr/tchar.h @@ -39,10 +39,12 @@ typedef CHAR TCHAR; #define _tprintf wprintf #define _sntprintf snwprintf #define _tcslen _wcslen +#define _tcsnlen _wcsnlen #define _tcsdup _wcsdup #define _tcscmp wcscmp #define _tcsncmp wcsncmp #define _tcscpy wcscpy +#define _tcsncpy wcsncpy #define _tcscat wcscat #define _tcschr wcschr #define _tcsrchr wcsrchr @@ -53,10 +55,12 @@ typedef CHAR TCHAR; #define _tprintf printf #define _sntprintf snprintf #define _tcslen strlen +#define _tcsnlen strnlen #define _tcsdup _strdup #define _tcscmp strcmp #define _tcsncmp strncmp #define _tcscpy strcpy +#define _tcsncpy strncpy #define _tcscat strcat #define _tcschr strchr #define _tcsrchr strrchr diff --git a/winpr/libwinpr/comm/comm.c b/winpr/libwinpr/comm/comm.c index e618dacb0..d7ce4e976 100644 --- a/winpr/libwinpr/comm/comm.c +++ b/winpr/libwinpr/comm/comm.c @@ -1078,15 +1078,16 @@ DWORD QueryCommDevice(LPCTSTR lpDeviceName, LPTSTR lpTargetPath, DWORD ucchMax) return 0; } - if (_tcslen(storedTargetPath) + 2 > ucchMax) + const size_t size = _tcsnlen(storedTargetPath, ucchMax); + if (size + 2 > ucchMax) { SetLastError(ERROR_INSUFFICIENT_BUFFER); return 0; } - _tcscpy(lpTargetPath, storedTargetPath); - lpTargetPath[_tcslen(storedTargetPath) + 1] = '\0'; /* 2nd final '\0' */ - return _tcslen(lpTargetPath) + 2; + _tcsncpy(lpTargetPath, storedTargetPath, size + 1); + lpTargetPath[size + 2] = '\0'; /* 2nd final '\0' */ + return size + 2; } /** diff --git a/winpr/libwinpr/comm/test/TestCommDevice.c b/winpr/libwinpr/comm/test/TestCommDevice.c index 0620778a5..370fdb03d 100644 --- a/winpr/libwinpr/comm/test/TestCommDevice.c +++ b/winpr/libwinpr/comm/test/TestCommDevice.c @@ -25,7 +25,6 @@ static int test_CommDevice(LPCTSTR lpDeviceName, BOOL expectedResult) { TCHAR lpTargetPath[MAX_PATH] = { 0 }; - size_t tcslen = 0; BOOL result = DefineCommDevice(lpDeviceName, _T("/dev/test")); if ((!expectedResult && result) || (expectedResult && !result)) /* logical XOR */ @@ -45,17 +44,18 @@ static int test_CommDevice(LPCTSTR lpDeviceName, BOOL expectedResult) return FALSE; } - tcslen = (size_t)QueryCommDevice(lpDeviceName, lpTargetPath, MAX_PATH); + const size_t tclen = QueryCommDevice(lpDeviceName, lpTargetPath, MAX_PATH); if (expectedResult) { - if (tcslen <= _tcslen(lpTargetPath)) /* at least 2 more TCHAR are expected */ + const size_t tlen = _tcsnlen(lpTargetPath, ARRAYSIZE(lpTargetPath) - 1); + if (tclen <= tlen) /* at least 2 more TCHAR are expected */ { _tprintf(_T("QueryCommDevice failure: didn't find the device name: %s\n"), lpDeviceName); return FALSE; } - if (_tcscmp(_T("/dev/test"), lpTargetPath) != 0) + if (_tcsncmp(_T("/dev/test"), lpTargetPath, ARRAYSIZE(lpTargetPath)) != 0) { _tprintf( _T("QueryCommDevice failure: device name: %s, expected result: %s, result: %s\n"), @@ -64,7 +64,7 @@ static int test_CommDevice(LPCTSTR lpDeviceName, BOOL expectedResult) return FALSE; } - if (lpTargetPath[_tcslen(lpTargetPath) + 1] != 0) + if ((tlen >= (ARRAYSIZE(lpTargetPath) - 1)) || (lpTargetPath[tlen + 1] != 0)) { _tprintf(_T("QueryCommDevice failure: device name: %s, the second NULL character is ") _T("missing at the end of the buffer\n"), @@ -74,11 +74,11 @@ static int test_CommDevice(LPCTSTR lpDeviceName, BOOL expectedResult) } else { - if (tcslen > 0) + if (tclen > 0) { _tprintf(_T("QueryCommDevice failure: device name: %s, expected result: , ") _T("result: %") _T(PRIuz) _T(" %s\n"), - lpDeviceName, tcslen, lpTargetPath); + lpDeviceName, tclen, lpTargetPath); return FALSE; } diff --git a/winpr/libwinpr/environment/test/TestEnvironmentGetEnvironmentStrings.c b/winpr/libwinpr/environment/test/TestEnvironmentGetEnvironmentStrings.c index c5963998e..f7f2435a9 100644 --- a/winpr/libwinpr/environment/test/TestEnvironmentGetEnvironmentStrings.c +++ b/winpr/libwinpr/environment/test/TestEnvironmentGetEnvironmentStrings.c @@ -7,32 +7,30 @@ int TestEnvironmentGetEnvironmentStrings(int argc, char* argv[]) { int r = -1; - TCHAR* p = NULL; - size_t length = 0; - LPTCH lpszEnvironmentBlock = NULL; WINPR_UNUSED(argc); WINPR_UNUSED(argv); - lpszEnvironmentBlock = GetEnvironmentStrings(); - - p = lpszEnvironmentBlock; + LPTCH lpszEnvironmentBlock = GetEnvironmentStrings(); + if (!lpszEnvironmentBlock) + goto fail; + TCHAR* p = lpszEnvironmentBlock; while (p[0] && p[1]) { + const size_t max = _tcslen(p); const int rc = _sntprintf(NULL, 0, _T("%s\n"), p); if (rc < 1) { _tprintf(_T("test failed: return %d\n"), rc); goto fail; } - length = _tcslen(p); - if (length != (size_t)(rc - 1)) + if (max != (size_t)(rc - 1)) { - _tprintf(_T("test failed: length %") _T(PRIuz) _T(" != %d [%s]\n"), length, rc - 1, p); + _tprintf(_T("test failed: length %") _T(PRIuz) _T(" != %d [%s]\n"), max, rc - 1, p); goto fail; } - p += (length + 1); + p += (max + 1); } r = 0; diff --git a/winpr/libwinpr/file/test/TestFileFindNextFile.c b/winpr/libwinpr/file/test/TestFileFindNextFile.c index ebb9bec89..c1d2c1b6d 100644 --- a/winpr/libwinpr/file/test/TestFileFindNextFile.c +++ b/winpr/libwinpr/file/test/TestFileFindNextFile.c @@ -61,8 +61,8 @@ int TestFileFindNextFile(int argc, char* argv[]) * The current implementation does not enforce a particular order */ - if ((_tcscmp(FindData.cFileName, testDirectory2File1) != 0) && - (_tcscmp(FindData.cFileName, testDirectory2File2) != 0)) + if ((_tcsncmp(FindData.cFileName, testDirectory2File1, ARRAYSIZE(testDirectory2File1)) != 0) && + (_tcsncmp(FindData.cFileName, testDirectory2File2, ARRAYSIZE(testDirectory2File2)) != 0)) { _tprintf(_T("FindFirstFile failure: Expected: %s, Actual: %s\n"), testDirectory2File1, FindData.cFileName); @@ -77,8 +77,8 @@ int TestFileFindNextFile(int argc, char* argv[]) return -1; } - if ((_tcscmp(FindData.cFileName, testDirectory2File1) != 0) && - (_tcscmp(FindData.cFileName, testDirectory2File2) != 0)) + if ((_tcsncmp(FindData.cFileName, testDirectory2File1, ARRAYSIZE(testDirectory2File1)) != 0) && + (_tcsncmp(FindData.cFileName, testDirectory2File2, ARRAYSIZE(testDirectory2File2)) != 0)) { _tprintf(_T("FindNextFile failure: Expected: %s, Actual: %s\n"), testDirectory2File2, FindData.cFileName); diff --git a/winpr/libwinpr/path/test/TestPathCchAddBackslash.c b/winpr/libwinpr/path/test/TestPathCchAddBackslash.c index 0a414e297..ba8efecb1 100644 --- a/winpr/libwinpr/path/test/TestPathCchAddBackslash.c +++ b/winpr/libwinpr/path/test/TestPathCchAddBackslash.c @@ -11,7 +11,7 @@ static const TCHAR testPathNoBackslash[] = _T("C:\\Program Files"); int TestPathCchAddBackslash(int argc, char* argv[]) { HRESULT status = 0; - TCHAR Path[PATHCCH_MAX_CCH]; + TCHAR Path[PATHCCH_MAX_CCH] = { 0 }; WINPR_UNUSED(argc); WINPR_UNUSED(argv); @@ -22,7 +22,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) * or an error code otherwise. */ - _tcscpy(Path, testPathNoBackslash); + _tcsncpy(Path, testPathNoBackslash, ARRAYSIZE(Path)); /* Add a backslash to a path without a trailing backslash, expect S_OK */ @@ -34,7 +34,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathBackslash) != 0) + if (_tcsncmp(Path, testPathBackslash, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathBackslash); return -1; @@ -42,7 +42,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) /* Add a backslash to a path with a trailing backslash, expect S_FALSE */ - _tcscpy(Path, testPathBackslash); + _tcsncpy(Path, testPathBackslash, ARRAYSIZE(Path)); status = PathCchAddBackslash(Path, PATHCCH_MAX_CCH); @@ -52,7 +52,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathBackslash) != 0) + if (_tcsncmp(Path, testPathBackslash, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathBackslash); return -1; @@ -72,7 +72,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) /* Use insufficient size value, expect FAILED(status) */ - _tcscpy(Path, _T("C:\\tmp")); + _tcsncpy(Path, _T("C:\\tmp"), ARRAYSIZE(Path)); status = PathCchAddBackslash(Path, 7); @@ -86,7 +86,7 @@ int TestPathCchAddBackslash(int argc, char* argv[]) /* Use minimum required size value, expect S_OK */ - _tcscpy(Path, _T("C:\\tmp")); + _tcsncpy(Path, _T("C:\\tmp"), ARRAYSIZE(Path)); status = PathCchAddBackslash(Path, 8); diff --git a/winpr/libwinpr/path/test/TestPathCchAddBackslashEx.c b/winpr/libwinpr/path/test/TestPathCchAddBackslashEx.c index 4a842007b..c24d0202e 100644 --- a/winpr/libwinpr/path/test/TestPathCchAddBackslashEx.c +++ b/winpr/libwinpr/path/test/TestPathCchAddBackslashEx.c @@ -13,7 +13,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) HRESULT status = 0; LPTSTR pszEnd = NULL; size_t cchRemaining = 0; - TCHAR Path[PATHCCH_MAX_CCH]; + TCHAR Path[PATHCCH_MAX_CCH] = { 0 }; WINPR_UNUSED(argc); WINPR_UNUSED(argv); @@ -24,7 +24,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) * or an error code otherwise. */ - _tcscpy(Path, testPathNoBackslash); + _tcsncpy(Path, testPathNoBackslash, ARRAYSIZE(Path)); /* Add a backslash to a path without a trailing backslash, expect S_OK */ @@ -36,7 +36,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathBackslash) != 0) + if (_tcsncmp(Path, testPathBackslash, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathBackslash); return -1; @@ -44,7 +44,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) /* Add a backslash to a path with a trailing backslash, expect S_FALSE */ - _tcscpy(Path, testPathBackslash); + _tcsncpy(Path, testPathBackslash, ARRAYSIZE(Path)); status = PathCchAddBackslashEx(Path, sizeof(Path) / sizeof(TCHAR), &pszEnd, &cchRemaining); @@ -54,7 +54,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathBackslash) != 0) + if (_tcsncmp(Path, testPathBackslash, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathBackslash); return -1; @@ -75,7 +75,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) /* Use insufficient size value, expect FAILED(status) */ - _tcscpy(Path, _T("C:\\tmp")); + _tcsncpy(Path, _T("C:\\tmp"), ARRAYSIZE(Path)); status = PathCchAddBackslashEx(Path, 7, NULL, NULL); @@ -89,7 +89,7 @@ int TestPathCchAddBackslashEx(int argc, char* argv[]) /* Use minimum required size value, expect S_OK */ - _tcscpy(Path, _T("C:\\tmp")); + _tcsncpy(Path, _T("C:\\tmp"), ARRAYSIZE(Path)); status = PathCchAddBackslashEx(Path, 8, NULL, NULL); diff --git a/winpr/libwinpr/path/test/TestPathCchAddExtension.c b/winpr/libwinpr/path/test/TestPathCchAddExtension.c index 71f5ddf75..a641dbf00 100644 --- a/winpr/libwinpr/path/test/TestPathCchAddExtension.c +++ b/winpr/libwinpr/path/test/TestPathCchAddExtension.c @@ -13,14 +13,14 @@ static const TCHAR testPathExtension[] = _T("C:\\Windows\\System32\\cmd.exe"); int TestPathCchAddExtension(int argc, char* argv[]) { HRESULT status = 0; - TCHAR Path[PATHCCH_MAX_CCH]; + TCHAR Path[PATHCCH_MAX_CCH] = { 0 }; WINPR_UNUSED(argc); WINPR_UNUSED(argv); /* Path: no extension, Extension: dot */ - _tcscpy(Path, testPathNoExtension); + _tcsncpy(Path, testPathNoExtension, ARRAYSIZE(Path)); status = PathCchAddExtension(Path, PATHCCH_MAX_CCH, testExtDot); @@ -30,7 +30,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathExtension) != 0) + if (_tcsncmp(Path, testPathExtension, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathExtension); return -1; @@ -38,7 +38,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) /* Path: no extension, Extension: no dot */ - _tcscpy(Path, testPathNoExtension); + _tcsncpy(Path, testPathNoExtension, ARRAYSIZE(Path)); status = PathCchAddExtension(Path, PATHCCH_MAX_CCH, testExtNoDot); @@ -48,7 +48,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathExtension) != 0) + if (_tcsncmp(Path, testPathExtension, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathExtension); return -1; @@ -56,7 +56,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) /* Path: extension, Extension: dot */ - _tcscpy(Path, testPathExtension); + _tcsncpy(Path, testPathExtension, ARRAYSIZE(Path)); status = PathCchAddExtension(Path, PATHCCH_MAX_CCH, testExtDot); @@ -66,7 +66,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathExtension) != 0) + if (_tcsncmp(Path, testPathExtension, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathExtension); return -1; @@ -74,7 +74,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) /* Path: extension, Extension: no dot */ - _tcscpy(Path, testPathExtension); + _tcsncpy(Path, testPathExtension, ARRAYSIZE(Path)); status = PathCchAddExtension(Path, PATHCCH_MAX_CCH, testExtDot); @@ -84,7 +84,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathExtension) != 0) + if (_tcsncmp(Path, testPathExtension, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathExtension); return -1; @@ -114,7 +114,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) /* Insufficient Buffer size */ - _tcscpy(Path, _T("C:\\456789")); + _tcsncpy(Path, _T("C:\\456789"), ARRAYSIZE(Path)); status = PathCchAddExtension(Path, 9 + 4, _T(".jpg")); if (SUCCEEDED(status)) { @@ -126,7 +126,7 @@ int TestPathCchAddExtension(int argc, char* argv[]) /* Minimum required buffer size */ - _tcscpy(Path, _T("C:\\456789")); + _tcsncpy(Path, _T("C:\\456789"), ARRAYSIZE(Path)); status = PathCchAddExtension(Path, 9 + 4 + 1, _T(".jpg")); if (FAILED(status)) { diff --git a/winpr/libwinpr/path/test/TestPathCchAppend.c b/winpr/libwinpr/path/test/TestPathCchAppend.c index 93524cac5..e890b8141 100644 --- a/winpr/libwinpr/path/test/TestPathCchAppend.c +++ b/winpr/libwinpr/path/test/TestPathCchAppend.c @@ -21,7 +21,7 @@ int TestPathCchAppend(int argc, char* argv[]) /* Base Path: Backslash, More Path: No Backslash */ - _tcscpy(Path, testBasePathBackslash); + _tcsncpy(Path, testBasePathBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH, testMorePathNoBackslash); @@ -31,7 +31,7 @@ int TestPathCchAppend(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathOut) != 0) + if (_tcsncmp(Path, testPathOut, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathOut); return -1; @@ -39,7 +39,7 @@ int TestPathCchAppend(int argc, char* argv[]) /* Base Path: Backslash, More Path: Backslash */ - _tcscpy(Path, testBasePathBackslash); + _tcsncpy(Path, testBasePathBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH, testMorePathBackslash); @@ -49,7 +49,7 @@ int TestPathCchAppend(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathOut) != 0) + if (_tcsncmp(Path, testPathOut, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathOut); return -1; @@ -57,7 +57,7 @@ int TestPathCchAppend(int argc, char* argv[]) /* Base Path: No Backslash, More Path: Backslash */ - _tcscpy(Path, testBasePathNoBackslash); + _tcsncpy(Path, testBasePathNoBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH, testMorePathBackslash); @@ -67,7 +67,7 @@ int TestPathCchAppend(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathOut) != 0) + if (_tcsncmp(Path, testPathOut, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathOut); return -1; @@ -75,7 +75,7 @@ int TestPathCchAppend(int argc, char* argv[]) /* Base Path: No Backslash, More Path: No Backslash */ - _tcscpy(Path, testBasePathNoBackslash); + _tcsncpy(Path, testBasePathNoBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH, testMorePathNoBackslash); @@ -85,7 +85,7 @@ int TestPathCchAppend(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathOut) != 0) + if (_tcsncmp(Path, testPathOut, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathOut); return -1; @@ -102,7 +102,7 @@ int TestPathCchAppend(int argc, char* argv[]) } /* According to msdn a NULL pszMore is an invalid argument (although optional !?) */ - _tcscpy(Path, testBasePathNoBackslash); + _tcsncpy(Path, testBasePathNoBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH, NULL); if (status != E_INVALIDARG) { @@ -113,7 +113,7 @@ int TestPathCchAppend(int argc, char* argv[]) } /* According to msdn cchPath must be > 0 and <= PATHCCH_MAX_CCH */ - _tcscpy(Path, testBasePathNoBackslash); + _tcsncpy(Path, testBasePathNoBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, 0, testMorePathNoBackslash); if (status != E_INVALIDARG) { @@ -122,7 +122,7 @@ int TestPathCchAppend(int argc, char* argv[]) status); return -1; } - _tcscpy(Path, testBasePathNoBackslash); + _tcsncpy(Path, testBasePathNoBackslash, ARRAYSIZE(Path)); status = PathCchAppend(Path, PATHCCH_MAX_CCH + 1, testMorePathNoBackslash); if (status != E_INVALIDARG) { diff --git a/winpr/libwinpr/path/test/TestPathCchStripPrefix.c b/winpr/libwinpr/path/test/TestPathCchStripPrefix.c index 753be3d9f..b2b7d5d06 100644 --- a/winpr/libwinpr/path/test/TestPathCchStripPrefix.c +++ b/winpr/libwinpr/path/test/TestPathCchStripPrefix.c @@ -20,7 +20,7 @@ static const TCHAR testPathPrefixDeviceNamespace[] = _T("\\\\?\\GLOBALROOT"); int TestPathCchStripPrefix(int argc, char* argv[]) { HRESULT status = 0; - TCHAR Path[PATHCCH_MAX_CCH]; + TCHAR Path[PATHCCH_MAX_CCH] = { 0 }; WINPR_UNUSED(argc); WINPR_UNUSED(argv); @@ -32,7 +32,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) /* Path with prefix (File Namespace) */ - _tcscpy(Path, testPathPrefixFileNamespace); + _tcsncpy(Path, testPathPrefixFileNamespace, ARRAYSIZE(Path)); status = PathCchStripPrefix(Path, sizeof(testPathPrefixFileNamespace) / sizeof(TCHAR)); @@ -42,7 +42,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathNoPrefixFileNamespace) != 0) + if (_tcsncmp(Path, testPathNoPrefixFileNamespace, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathNoPrefixFileNamespace); @@ -51,9 +51,9 @@ int TestPathCchStripPrefix(int argc, char* argv[]) /* Path with prefix (Device Namespace) */ - _tcscpy(Path, testPathPrefixDeviceNamespace); + _tcsncpy(Path, testPathPrefixDeviceNamespace, ARRAYSIZE(Path)); - status = PathCchStripPrefix(Path, sizeof(testPathPrefixDeviceNamespace) / sizeof(TCHAR)); + status = PathCchStripPrefix(Path, ARRAYSIZE(testPathPrefixDeviceNamespace)); if (status != S_FALSE) { @@ -61,7 +61,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) return -1; } - if (_tcscmp(Path, testPathPrefixDeviceNamespace) != 0) + if (_tcsncmp(Path, testPathPrefixDeviceNamespace, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathPrefixDeviceNamespace); @@ -82,7 +82,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) /* Invalid cchPath values: 0, 1, 2, 3 and > PATHCCH_MAX_CCH */ for (int i = 0; i < 5; i++) { - _tcscpy(Path, testPathPrefixFileNamespace); + _tcsncpy(Path, testPathPrefixFileNamespace, ARRAYSIZE(Path)); if (i == 4) i = PATHCCH_MAX_CCH + 1; status = PathCchStripPrefix(Path, i); @@ -96,8 +96,8 @@ int TestPathCchStripPrefix(int argc, char* argv[]) } /* Minimum Path that would get successfully stripped on windows */ - _tcscpy(Path, testPathPrefixFileNamespaceMinimum); - size_t i = sizeof(testPathPrefixFileNamespaceMinimum) / sizeof(TCHAR); + _tcsncpy(Path, testPathPrefixFileNamespaceMinimum, ARRAYSIZE(Path)); + size_t i = ARRAYSIZE(testPathPrefixFileNamespaceMinimum); i = i - 1; /* include testing of a non-null terminated string */ status = PathCchStripPrefix(Path, i); if (status != S_OK) @@ -107,7 +107,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) status); return -1; } - if (_tcscmp(Path, testPathNoPrefixFileNamespaceMinimum) != 0) + if (_tcsncmp(Path, testPathNoPrefixFileNamespaceMinimum, ARRAYSIZE(Path)) != 0) { _tprintf(_T("Path Mismatch: Actual: %s, Expected: %s\n"), Path, testPathNoPrefixFileNamespaceMinimum); @@ -115,7 +115,7 @@ int TestPathCchStripPrefix(int argc, char* argv[]) } /* Invalid drive letter symbol */ - _tcscpy(Path, _T("\\\\?\\5:")); + _tcsncpy(Path, _T("\\\\?\\5:"), ARRAYSIZE(Path)); status = PathCchStripPrefix(Path, 6); if (status == S_OK) { diff --git a/winpr/libwinpr/path/test/TestPathIsUNCEx.c b/winpr/libwinpr/path/test/TestPathIsUNCEx.c index 4fdf4f7a2..a2edc5169 100644 --- a/winpr/libwinpr/path/test/TestPathIsUNCEx.c +++ b/winpr/libwinpr/path/test/TestPathIsUNCEx.c @@ -13,14 +13,14 @@ int TestPathIsUNCEx(int argc, char* argv[]) { BOOL status = 0; LPCTSTR Server = NULL; - TCHAR Path[PATHCCH_MAX_CCH]; + TCHAR Path[PATHCCH_MAX_CCH] = { 0 }; WINPR_UNUSED(argc); WINPR_UNUSED(argv); /* Path is UNC */ - _tcscpy(Path, testPathUNC); + _tcsncpy(Path, testPathUNC, ARRAYSIZE(Path)); status = PathIsUNCEx(Path, &Server); @@ -30,7 +30,7 @@ int TestPathIsUNCEx(int argc, char* argv[]) return -1; } - if (_tcscmp(Server, testServer) != 0) + if (_tcsncmp(Server, testServer, ARRAYSIZE(testServer)) != 0) { _tprintf(_T("Server Name Mismatch: Actual: %s, Expected: %s\n"), Server, testServer); return -1; @@ -38,7 +38,7 @@ int TestPathIsUNCEx(int argc, char* argv[]) /* Path is not UNC */ - _tcscpy(Path, testPathNotUNC); + _tcsncpy(Path, testPathNotUNC, ARRAYSIZE(Path)); status = PathIsUNCEx(Path, &Server); diff --git a/winpr/libwinpr/sspi/Kerberos/kerberos.c b/winpr/libwinpr/sspi/Kerberos/kerberos.c index ca188aa38..3b489dc35 100644 --- a/winpr/libwinpr/sspi/Kerberos/kerberos.c +++ b/winpr/libwinpr/sspi/Kerberos/kerberos.c @@ -1400,7 +1400,7 @@ static KRB_CONTEXT* get_context(PCtxtHandle phContext) if (!name) return NULL; - if (_tcscmp(KERBEROS_SSP_NAME, name) != 0) + if (_tcsncmp(KERBEROS_SSP_NAME, name, ARRAYSIZE(KERBEROS_SSP_NAME)) != 0) return NULL; return sspi_SecureHandleGetLowerPointer(phContext); } diff --git a/winpr/libwinpr/sspi/Negotiate/negotiate.c b/winpr/libwinpr/sspi/Negotiate/negotiate.c index 4ce7cf50e..b99b0d52b 100644 --- a/winpr/libwinpr/sspi/Negotiate/negotiate.c +++ b/winpr/libwinpr/sspi/Negotiate/negotiate.c @@ -604,7 +604,7 @@ static SECURITY_STATUS negotiate_mic_exchange(NEGOTIATE_CONTEXT* context, NegTok if (!name) return SEC_E_INTERNAL_ERROR; - if (_tcscmp(name, NTLM_SSP_NAME) == 0) + if (_tcsncmp(name, NTLM_SSP_NAME, ARRAYSIZE(NTLM_SSP_NAME)) == 0) { if (!ntlm_reset_cipher_state(&context->sub_context)) return SEC_E_INTERNAL_ERROR; @@ -1407,9 +1407,9 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW( const SecPkg* pkg = MechTable[i].pkg; cred->mech = &MechTable[i]; - if (!kerberos && _tcscmp(pkg->name, KERBEROS_SSP_NAME) == 0) + if (!kerberos && _tcsncmp(pkg->name, KERBEROS_SSP_NAME, ARRAYSIZE(KERBEROS_SSP_NAME)) == 0) continue; - if (!ntlm && _tcscmp(SecPkgTable[i].name, NTLM_SSP_NAME) == 0) + if (!ntlm && _tcsncmp(SecPkgTable[i].name, NTLM_SSP_NAME, ARRAYSIZE(NTLM_SSP_NAME)) == 0) continue; WINPR_ASSERT(pkg->table_w); @@ -1450,9 +1450,9 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA( cred->mech = &MechTable[i]; - if (!kerberos && _tcscmp(pkg->name, KERBEROS_SSP_NAME) == 0) + if (!kerberos && _tcsncmp(pkg->name, KERBEROS_SSP_NAME, ARRAYSIZE(KERBEROS_SSP_NAME)) == 0) continue; - if (!ntlm && _tcscmp(SecPkgTable[i].name, NTLM_SSP_NAME) == 0) + if (!ntlm && _tcsncmp(SecPkgTable[i].name, NTLM_SSP_NAME, ARRAYSIZE(NTLM_SSP_NAME)) == 0) continue; WINPR_ASSERT(pkg->table);