shadow/libmisc
Alejandro Colomar 220b352b70 Use strlcpy(3) instead of its pattern
-  Since strncpy(3) is not designed to write strings, but rather
   (null-padded) character sequences (a.k.a. unterminated strings), we
   had to manually append a '\0'.  strlcpy(3) creates strings, so they
   are always terminated.  This removes dependencies between lines, and
   also removes chances of accidents.

-  Repurposing strncpy(3) to create strings requires calculating the
   location of the terminating null byte, which involves a '-1'
   calculation.  This is a source of off-by-one bugs.  The new code has
   no '-1' calculations, so there's almost-zero chance of these bugs.

-  strlcpy(3) doesn't padd with null bytes.  Padding is relevant when
   writing fixed-width buffers to binary files, when interfacing certain
   APIs (I believe utmpx requires null padding at lease in some
   systems), or when sending them to other processes or through the
   network.  This is not the case, so padding is effectively ignored.

-  strlcpy(3) requires that the input string is really a string;
   otherwise it crashes (SIGSEGV).  Let's check if the input strings are
   really strings:

   -  lib/fields.c:
      -  'cp' was assigned from 'newft', and 'newft' comes from fgets(3).

   -  lib/gshadow.c:
      -  strlen(string) is calculated a few lines above.

   -  libmisc/console.c:
      -  'cons' comes from getdef_str, which is a bit cryptic, but seems
         to generate strings, I guess.1

   -  libmisc/date_to_str.c:
      -  It receives a string literal.  :)

   -  libmisc/utmp.c:
      -  'tname' comes from ttyname(3), which returns a string.

   -  src/su.c:
      -  'tmp_name' has been passed to strcmp(3) a few lines above.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-22 18:03:39 -06:00
..
.indent.pro
addgrps.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
age.c
agetpass.c agetpass: Hook into build-system 2022-12-05 10:47:19 +01:00
audit_help.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
basename.c
btrfs.c Declare read-only data const 2022-08-06 11:27:56 -05:00
chkname.c shadow: use relaxed usernames 2022-09-02 20:27:14 -05:00
chkname.h
chowndir.c Avoid races in chown_tree() 2022-08-17 12:34:01 -05:00
chowntty.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup_group.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup_user.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
cleanup.c
console.c Use strlcpy(3) instead of its pattern 2022-12-22 18:03:39 -06:00
copydir.c Assume struct stat has st_atim and st_mtim fields 2022-12-22 09:49:02 -06:00
date_to_str.c Use strlcpy(3) instead of its pattern 2022-12-22 18:03:39 -06:00
entry.c
env.c Declare read-only data const 2022-08-06 11:27:56 -05:00
failure.c Cosmetic fixes 2022-12-22 10:31:43 +01:00
failure.h Disable utmpx permanently 2022-12-22 10:31:43 +01:00
find_new_gid.c libmisc: minimum id check for system accounts 2022-10-06 20:09:35 -05:00
find_new_sub_gids.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
find_new_sub_uids.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
find_new_uid.c libmisc: minimum id check for system accounts 2022-10-06 20:09:35 -05:00
getdate.h
getdate.y
getgr_nam_gid.c
getrange.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
gettime.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
hushed.c
idmapping.c Declare read-only parameters const 2022-08-06 11:27:56 -05:00
idmapping.h Add include for uid_t 2022-08-06 11:27:56 -05:00
isexpired.c
limits.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
list.c
log.c
loginprompt.c Assume SIGTSTP is defined 2022-12-15 16:22:05 -06:00
mail.c
Makefile.am agetpass: Hook into build-system 2022-12-05 10:47:19 +01:00
motd.c Drop register keyword 2022-08-06 11:27:56 -05:00
myname.c
obscure.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
pam_pass_non_interactive.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
pam_pass.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
prefix_flag.c Use strict prototypes 2022-01-03 15:09:17 +01:00
pwd2spwd.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
pwd_init.c Assume SIGTTOU is defined 2022-12-15 16:22:05 -06:00
pwdcheck.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
remove_tree.c Avoid races in remove_tree() 2022-08-17 12:34:01 -05:00
rlogin.c Assume B[0-9]* macros are defined 2022-12-15 16:22:05 -06:00
root_flag.c libmisc/root_flag: add tips for --root flag only support abspath 2022-08-06 15:04:06 -05:00
salt.c Assume l64a(3) exists 2022-12-15 16:22:05 -06:00
setugid.c
setupenv.c Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
shell.c Do not drop const qualifier for Basename 2022-01-03 15:09:17 +01:00
strtoday.c strtoday.c: remove unused defines.h inclusion 2022-12-22 10:39:45 -06:00
sub.c
sulog.c
ttytype.c
tz.c Don't redefine errno(3) 2022-12-22 11:43:29 +01:00
ulimit.c Remove comments that survived the Helicoprion 2022-12-15 16:22:05 -06:00
user_busy.c Disable utmpx permanently 2022-12-22 10:31:43 +01:00
utmp.c Use strlcpy(3) instead of its pattern 2022-12-22 18:03:39 -06:00
valid.c
xgetgrgid.c Assume getgrgid_r(3) exists 2022-12-15 16:22:05 -06:00
xgetgrnam.c Assume getgrnam_r(3) exists 2022-12-15 16:22:05 -06:00
xgetpwnam.c Assume getpwnam_r(3) exists 2022-12-15 16:22:05 -06:00
xgetpwuid.c Assume getpwuid_r(3) exists 2022-12-15 16:22:05 -06:00
xgetspnam.c
xgetXXbyYY.c Handle ERANGE error correctly 2022-03-18 20:24:10 -05:00
xmalloc.c Don't test for NULL before calling free(3) 2022-09-29 16:03:53 +02:00
yesno.c