From 9a85694b8616f2e10f19440f4db9017d44dfae18 Mon Sep 17 00:00:00 2001 From: Kane York Date: Thu, 23 Jul 2020 13:02:03 -0700 Subject: [PATCH] fix(3p/nix): remove usage of strcpy Change-Id: I86125609f433469a8722c780fd758234211d677e Reviewed-on: https://cl.tvl.fyi/c/depot/+/1381 Tested-by: BuildkiteCI Reviewed-by: Alyssa Ross Reviewed-by: glittershark --- third_party/nix/.clang-tidy | 2 +- third_party/nix/src/libstore/build.cc | 2 +- third_party/nix/src/libstore/remote-store.cc | 7 ++++--- third_party/nix/src/nix-daemon/nix-daemon.cc | 8 ++++---- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/third_party/nix/.clang-tidy b/third_party/nix/.clang-tidy index 4e0e8b6e0..bccfa148c 100644 --- a/third_party/nix/.clang-tidy +++ b/third_party/nix/.clang-tidy @@ -1,3 +1,3 @@ --- -WarningsAsErrors: 'abseil-*' +WarningsAsErrors: 'abseil-*,clang-analyzer-security.insecureAPI.strcpy' ... diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc index dcc3c7edc..da35388d8 100644 --- a/third_party/nix/src/libstore/build.cc +++ b/third_party/nix/src/libstore/build.cc @@ -2833,7 +2833,7 @@ void DerivationGoal::runChild() { } struct ifreq ifr; - strcpy(ifr.ifr_name, "lo"); + strncpy(ifr.ifr_name, "lo", sizeof("lo")); ifr.ifr_flags = IFF_UP | IFF_LOOPBACK | IFF_RUNNING; if (ioctl(fd.get(), SIOCSIFFLAGS, &ifr) == -1) { throw SysError("cannot set loopback interface flags"); diff --git a/third_party/nix/src/libstore/remote-store.cc b/third_party/nix/src/libstore/remote-store.cc index 7c4f3a138..33a6ec310 100644 --- a/third_party/nix/src/libstore/remote-store.cc +++ b/third_party/nix/src/libstore/remote-store.cc 
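Review bot: Promoting `clang-analyzer-security.insecureAPI.strcpy` to an error keeps `strcpy`/`strcat` from coming back, but it does not cover the `strncpy` calls this commit introduces, which fail differently (a missing terminator or a wrong size argument). The three-line file shown has no `Checks:` key, so the gate only works if the check is enabled by clang-tidy's defaults or by the invocation, which is worth confirming in CI. A short comment in the file, such as `# strcpy/strcat are banned: use a bounded copy with an explicit length check`, would tell contributors why the build fails.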
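Review bot: The bound passed to `strncpy` in runChild() is `sizeof("lo")`, the size of the source literal rather than of the destination, so the call is limited by the wrong buffer and is no safer than the `strcpy` it replaces. `strncpy(ifr.ifr_name, "lo", sizeof(ifr.ifr_name));` ties the bound to the field. Because strncpy zero-pads, it also initialises the rest of `ifr_name`, which the uninitialised `struct ifreq ifr;` above otherwise leaves as indeterminate stack bytes passed to `ioctl`. runChild() starts and ends outside the hunk.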
@@ -99,12 +99,13 @@ ref UDSRemoteStore::openConnection() { struct sockaddr_un addr; addr.sun_family = AF_UNIX; - if (socketPath.size() + 1 >= sizeof(addr.sun_path)) { + strncpy(addr.sun_path, socketPath.c_str(), sizeof(addr.sun_path)); + if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') { throw Error(format("socket path '%1%' is too long") % socketPath); } - strcpy(addr.sun_path, socketPath.c_str()); - if (::connect(conn->fd.get(), (struct sockaddr*)&addr, sizeof(addr)) == -1) { + if (::connect(conn->fd.get(), reinterpret_cast(&addr), + sizeof(addr)) == -1) { throw SysError(format("cannot connect to daemon at '%1%'") % socketPath); } diff --git a/third_party/nix/src/nix-daemon/nix-daemon.cc b/third_party/nix/src/nix-daemon/nix-daemon.cc index dc5295821..1f49788ae 100644 --- a/third_party/nix/src/nix-daemon/nix-daemon.cc +++ b/third_party/nix/src/nix-daemon/nix-daemon.cc @@ -970,10 +970,10 @@ static void daemonLoop(char** argv) { struct sockaddr_un addr; addr.sun_family = AF_UNIX; - if (socketPathRel.size() >= sizeof(addr.sun_path)) { + strncpy(addr.sun_path, socketPathRel.c_str(), sizeof(addr.sun_path)); + if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') { throw Error(format("socket path '%1%' is too long") % socketPathRel); } - strcpy(addr.sun_path, socketPathRel.c_str()); unlink(socketPath.c_str()); @@ -1125,10 +1125,10 @@ static int _main(int argc, char** argv) { auto socketName = baseNameOf(socketPath); auto addr = sockaddr_un{}; addr.sun_family = AF_UNIX; - if (socketName.size() + 1 >= sizeof(addr.sun_path)) { + strncpy(addr.sun_path, socketName.c_str(), sizeof(addr.sun_path)); + if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') { throw Error(format("socket name %1% is too long") % socketName); } - strcpy(addr.sun_path, socketName.c_str()); if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) == -1) { throw SysError(format("cannot connect to daemon at %1%") %
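Review bot: The length check in openConnection() now relies on an undocumented side effect of `strncpy`: the last byte of `addr.sun_path` is NUL only because strncpy zero-pads a source that fits. If the copy is later replaced by a function that always terminates (`strlcpy`, `snprintf`), the test `addr.sun_path[sizeof(addr.sun_path) - 1] != '\0'` becomes always false, and an over-long path is silently truncated and used as a different socket path. Either add a comment such as `// strncpy zero-pads; a non-NUL last byte means socketPath did not fit`, or test the length before copying with `if (socketPath.size() >= sizeof(addr.sun_path))`. The same pattern appears in both nix-daemon.cc hunks (daemonLoop and _main). openConnection() continues outside the hunk.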