From af0b7a1fa11c2ceedeb9f66ca950f6c0bff8ad8f Mon Sep 17 00:00:00 2001 From: molivier Date: Tue, 30 Sep 2003 12:58:04 +0000 Subject: [PATCH] Lots of str[n]cat, str[n]cpy, and [v]sprintf have been replaced by strlcat, strlcpy and [v]snprintf to insure that they don't write outside of their buffers. More to come later. git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@3518 d7cf8633-e32d-0410-b094-e92efae38249 --- cd_linux.c | 2 +- cl_demo.c | 9 ++++----- cl_main.c | 3 +-- cl_parse.c | 10 +++++----- cl_screen.c | 12 ++++++------ cmd.c | 8 ++++---- common.c | 2 +- filematch.c | 4 ++-- fs.c | 24 ++++++++++++------------ fs.h | 2 +- host_cmd.c | 14 ++++++-------- menu.c | 2 +- model_brush.c | 4 ++-- model_shared.c | 12 ++++++------ netconn.c | 16 +++++++--------- pr_edict.c | 50 +++++++++++++++++++++++++------------------------- sv_main.c | 2 +- ui.c | 2 +- 18 files changed, 86 insertions(+), 92 deletions(-) diff --git a/cd_linux.c b/cd_linux.c index 1385cb5d..de4da156 100644 --- a/cd_linux.c +++ b/cd_linux.c @@ -379,7 +379,7 @@ int CDAudio_Init(void) return -1; if ((i = COM_CheckParm("-cddev")) != 0 && i < com_argc - 1) { - strncpy(cd_dev, com_argv[i + 1], sizeof(cd_dev)); + strlcpy (cd_dev, com_argv[i + 1], sizeof (cd_dev)); cd_dev[sizeof(cd_dev) - 1] = 0; } diff --git a/cl_demo.c b/cl_demo.c index e6aca73d..f767dc89 100644 --- a/cl_demo.c +++ b/cl_demo.c @@ -259,9 +259,8 @@ void CL_Record_f (void) track = -1; // get the demo name - strncpy (name, Cmd_Argv(1), sizeof (name) - 1); - name[sizeof (name) - 1] = '\0'; - FS_DefaultExtension (name, ".dem"); + strlcpy (name, Cmd_Argv(1), sizeof (name)); + FS_DefaultExtension (name, ".dem", sizeof (name)); // start the map up if (c > 2) @@ -312,8 +311,8 @@ void CL_PlayDemo_f (void) NetConn_ClientFrame(); // open the demo file - strcpy (name, Cmd_Argv(1)); - FS_DefaultExtension (name, ".dem"); + strlcpy (name, Cmd_Argv(1), sizeof (name)); + FS_DefaultExtension (name, ".dem", sizeof (name)); Con_Printf ("Playing demo from %s.\n", name); cls.demofile = FS_Open (name, "rb", false); diff --git a/cl_main.c b/cl_main.c index b235339c..b57f4507 100644 --- a/cl_main.c +++ b/cl_main.c @@ -268,10 +268,9 @@ static void CL_PrintEntities_f(void) continue; if (ent->render.model) - strncpy(name, ent->render.model->name, 25); + strlcpy (name, ent->render.model->name, 25); else strcpy(name, "--no model--"); - name[25] = 0; for (j = strlen(name);j < 25;j++) name[j] = ' '; Con_Printf ("%3i: %s:%04i (%5i %5i %5i) [%3i %3i %3i] %4.2f %5.3f\n", i, name, ent->render.frame, (int) ent->render.origin[0], (int) ent->render.origin[1], (int) ent->render.origin[2], (int) ent->render.angles[0] % 360, (int) ent->render.angles[1] % 360, (int) ent->render.angles[2] % 360, ent->render.scale, ent->render.alpha); diff --git a/cl_parse.c b/cl_parse.c index c5f78db0..9a7ad21a 100644 --- a/cl_parse.c +++ b/cl_parse.c @@ -354,7 +354,7 @@ void CL_ParseServerInfo (void) // parse signon message str = MSG_ReadString (); - strncpy (cl.levelname, str, sizeof(cl.levelname)-1); + strlcpy (cl.levelname, str, sizeof(cl.levelname)); // seperate the printfs so the server message can have a color if (cl.protocol != PROTOCOL_NEHAHRAMOVIE) // no messages when playing the Nehahra movie @@ -1465,8 +1465,8 @@ void CL_ParseServerMessage(void) i &= 31; while(count > 0) { - sprintf(temp, "%3i:%s ", cmdlog[i], cmdlogname[i]); - strcat(description, temp); + snprintf (temp, sizeof (temp), "%3i:%s ", cmdlog[i], cmdlogname[i]); + strlcat (description, temp, sizeof (description)); count--; i++; i &= 31; @@ -1550,7 +1550,7 @@ void CL_ParseServerMessage(void) i = MSG_ReadByte (); if (i >= MAX_LIGHTSTYLES) Host_Error ("svc_lightstyle >= MAX_LIGHTSTYLES"); - strncpy (cl_lightstyle[i].map, MSG_ReadString(), MAX_STYLESTRING - 1); + strlcpy (cl_lightstyle[i].map, MSG_ReadString(), sizeof (cl_lightstyle[i].map)); cl_lightstyle[i].map[MAX_STYLESTRING - 1] = 0; cl_lightstyle[i].length = strlen(cl_lightstyle[i].map); break; @@ -1572,7 +1572,7 @@ void CL_ParseServerMessage(void) i = MSG_ReadByte (); if (i >= cl.maxclients) Host_Error ("CL_ParseServerMessage: svc_updatename >= cl.maxclients"); - strcpy (cl.scores[i].name, MSG_ReadString ()); + strlcpy (cl.scores[i].name, MSG_ReadString (), sizeof (cl.scores[i].name)); break; case svc_updatefrags: diff --git a/cl_screen.c b/cl_screen.c index 63668ca6..c916aafc 100644 --- a/cl_screen.c +++ b/cl_screen.c @@ -64,7 +64,7 @@ for a few moments */ void SCR_CenterPrint (char *str) { - strncpy (scr_centerstring, str, sizeof(scr_centerstring)-1); + strlcpy (scr_centerstring, str, sizeof (scr_centerstring)); scr_centertime_off = scr_centertime.value; scr_centertime_start = cl.time; @@ -802,7 +802,7 @@ static void R_Envmap_f (void) return; } - strcpy(basename, Cmd_Argv(1)); + strlcpy (basename, Cmd_Argv(1), sizeof (basename)); size = atoi(Cmd_Argv(2)); if (size != 128 && size != 256 && size != 512 && size != 1024) { @@ -871,8 +871,8 @@ void SHOWLMP_decodeshow(void) int i, k; qbyte lmplabel[256], picname[256]; float x, y; - strcpy(lmplabel,MSG_ReadString()); - strcpy(picname, MSG_ReadString()); + strlcpy (lmplabel,MSG_ReadString(), sizeof (lmplabel)); + strlcpy (picname, MSG_ReadString(), sizeof (picname)); if (gamemode == GAME_NEHAHRA) // LordHavoc: nasty old legacy junk { x = MSG_ReadByte(); @@ -899,8 +899,8 @@ void SHOWLMP_decodeshow(void) return; // none found to replace // change existing one showlmp[k].isactive = true; - strcpy(showlmp[k].label, lmplabel); - strcpy(showlmp[k].pic, picname); + strlcpy (showlmp[k].label, lmplabel, sizeof (showlmp[k].label)); + strlcpy (showlmp[k].pic, picname, sizeof (showlmp[k].pic)); showlmp[k].x = x; showlmp[k].y = y; } diff --git a/cmd.c b/cmd.c index 79f9137b..b6436b38 100644 --- a/cmd.c +++ b/cmd.c @@ -377,18 +377,18 @@ static void Cmd_Alias_f (void) a->next = cmd_alias; cmd_alias = a; } - strcpy (a->name, s); + strlcpy (a->name, s, sizeof (a->name)); // copy the rest of the command line cmd[0] = 0; // start out with a null string c = Cmd_Argc(); for (i=2 ; i< c ; i++) { - strcat (cmd, Cmd_Argv(i)); + strlcat (cmd, Cmd_Argv(i), sizeof (cmd)); if (i != c) - strcat (cmd, " "); + strlcat (cmd, " ", sizeof (cmd)); } - strcat (cmd, "\n"); + strlcat (cmd, "\n", sizeof (cmd)); a->value = CopyString (cmd); } diff --git a/common.c b/common.c index 38b01f00..7dab60b7 100644 --- a/common.c +++ b/common.c @@ -835,7 +835,7 @@ char *va(const char *format, ...) s = string[stringindex]; stringindex = (stringindex + 1) & 7; va_start (argptr, format); - vsprintf (s, format,argptr); + vsnprintf (s, sizeof (string[0]), format,argptr); va_end (argptr); return s; diff --git a/filematch.c b/filematch.c index ff243476..e3e35c80 100644 --- a/filematch.c +++ b/filematch.c @@ -129,8 +129,8 @@ stringlist_t *listdirectory(char *path) struct _finddata_t n_file; long hFile; stringlist_t *start, *current; - strcpy(pattern, path); - strcat(pattern, "\\*"); + strlcpy (pattern, path, sizeof (pattern)); + strlcat (pattern, "\\*", sizeof (pattern)); // ask for the directory listing handle hFile = _findfirst(pattern, &n_file); if(hFile != -1) diff --git a/fs.c b/fs.c index 90ac5780..b0c2de1e 100644 --- a/fs.c +++ b/fs.c @@ -547,7 +547,7 @@ pack_t *FS_LoadPackPK3 (const char *packfile) // Create a package structure in memory pack = Mem_Alloc (pak_mempool, sizeof (pack_t)); pack->ignorecase = true; // PK3 ignores case - strcpy (pack->filename, packfile); + strlcpy (pack->filename, packfile, sizeof (pack->filename)); pack->handle = packhandle; pack->numfiles = eocd.nbentries; pack->mempool = Mem_AllocPool (packfile); @@ -688,7 +688,7 @@ pack_t *FS_LoadPackPAK (const char *packfile) pack = Mem_Alloc(pak_mempool, sizeof (pack_t)); pack->ignorecase = false; // PAK is case sensitive - strcpy (pack->filename, packfile); + strlcpy (pack->filename, packfile, sizeof (pack->filename)); pack->handle = packhandle; pack->numfiles = numpackfiles; pack->mempool = Mem_AllocPool(packfile); @@ -706,7 +706,7 @@ pack_t *FS_LoadPackPAK (const char *packfile) size_t size; packfile_t *file = &pack->files[i]; - strcpy (file->name, info[i].name); + strlcpy (file->name, info[i].name, sizeof (file->name)); file->offset = LittleLong(info[i].filepos); size = LittleLong (info[i].filelen); file->packsize = size; @@ -736,11 +736,11 @@ void FS_AddGameDirectory (char *dir) pack_t *pak; char pakfile[MAX_OSPATH]; - strcpy (fs_gamedir, dir); + strlcpy (fs_gamedir, dir, sizeof (fs_gamedir)); // add the directory to the search path search = Mem_Alloc(pak_mempool, sizeof(searchpath_t)); - strcpy (search->filename, dir); + strlcpy (search->filename, dir, sizeof (search->filename)); search->next = fs_searchpaths; fs_searchpaths = search; @@ -840,19 +840,19 @@ void FS_Init (void) // Overrides the system supplied base directory (under GAMENAME) i = COM_CheckParm ("-basedir"); if (i && i < com_argc-1) - strcpy (fs_basedir, com_argv[i+1]); + strlcpy (fs_basedir, com_argv[i+1], sizeof (fs_basedir)); i = strlen (fs_basedir); if (i > 0 && (fs_basedir[i-1] == '\\' || fs_basedir[i-1] == '/')) fs_basedir[i-1] = 0; // start up with GAMENAME by default (id1) - strcpy(com_modname, GAMENAME); + strlcpy (com_modname, GAMENAME, sizeof (com_modname)); FS_AddGameDirectory (va("%s/"GAMENAME, fs_basedir)); if (gamedirname[0]) { fs_modified = true; - strcpy(com_modname, gamedirname); + strlcpy (com_modname, gamedirname, sizeof (com_modname)); FS_AddGameDirectory (va("%s/%s", fs_basedir, gamedirname)); } @@ -862,7 +862,7 @@ void FS_Init (void) if (i && i < com_argc-1) { fs_modified = true; - strcpy(com_modname, com_argv[i+1]); + strlcpy (com_modname, com_argv[i+1], sizeof (com_modname)); FS_AddGameDirectory (va("%s/%s", fs_basedir, com_argv[i+1])); } @@ -892,7 +892,7 @@ void FS_Init (void) Sys_Error ("Couldn't load packfile: %s", com_argv[i]); } else - strcpy (search->filename, com_argv[i]); + strlcpy (search->filename, com_argv[i], sizeof (search->filename)); search->next = fs_searchpaths; fs_searchpaths = search; } @@ -1658,7 +1658,7 @@ void FS_StripExtension (const char *in, char *out) FS_DefaultExtension ================== */ -void FS_DefaultExtension (char *path, const char *extension) +void FS_DefaultExtension (char *path, const char *extension, size_t size_path) { const char *src; @@ -1673,7 +1673,7 @@ void FS_DefaultExtension (char *path, const char *extension) src--; } - strcat (path, extension); + strlcat (path, extension, size_path); } diff --git a/fs.h b/fs.h index f0f46f8d..f41a6f1c 100644 --- a/fs.h +++ b/fs.h @@ -64,7 +64,7 @@ qboolean FS_WriteFile (const char *filename, void *data, int len); // ------ Other functions ------ // void FS_StripExtension (const char *in, char *out); -void FS_DefaultExtension (char *path, const char *extension); +void FS_DefaultExtension (char *path, const char *extension, size_t size_path); qboolean FS_FileExists (const char *filename); // the file can be into a package qboolean FS_SysFileExists (const char *filename); // only look for files outside of packages diff --git a/host_cmd.c b/host_cmd.c index d8a52660..528af90a 100644 --- a/host_cmd.c +++ b/host_cmd.c @@ -452,9 +452,8 @@ void Host_Savegame_f (void) return; } - strncpy (name, Cmd_Argv(1), sizeof (name) - 1); - name[sizeof (name) - 1] = '\0'; - FS_DefaultExtension (name, ".sav"); + strlcpy (name, Cmd_Argv(1), sizeof (name)); + FS_DefaultExtension (name, ".sav", sizeof (name)); Con_Printf ("Saving game to %s...\n", name); f = FS_Open (name, "w", false); @@ -514,7 +513,7 @@ void Host_Loadgame_f (void) } strcpy (sv_loadgame, Cmd_Argv(1)); - FS_DefaultExtension (sv_loadgame, ".sav"); + FS_DefaultExtension (sv_loadgame, ".sav", sizeof (sv_loadgame)); Con_Printf ("Loading game from %s...\n", sv_loadgame); } @@ -675,10 +674,9 @@ void Host_Name_f (void) } if (Cmd_Argc () == 2) - strncpy(newName, Cmd_Argv(1), sizeof(host_client->name) - 1); + strlcpy (newName, Cmd_Argv(1), sizeof (newName)); else - strncpy(newName, Cmd_Args(), sizeof(host_client->name) - 1); - newName[sizeof(host_client->name) - 1] = 0; + strlcpy (newName, Cmd_Args(), sizeof (newName)); if (cmd_source == src_command) { @@ -1593,7 +1591,7 @@ void Host_Startdemos_f (void) Con_DPrintf ("%i demo(s) in loop\n", c); for (i=1 ; iname, in->name, sizeof(out->name) - 1); + strlcpy (out->name, in->name, sizeof (out->name)); out->surfaceflags = LittleLong(in->surfaceflags); out->nativecontents = LittleLong(in->contents); out->supercontents = Mod_Q3BSP_SuperContentsFromNativeContents(loadmodel, out->nativecontents); @@ -3452,7 +3452,7 @@ static void Mod_Q3BSP_LoadEffects(lump_t *l) for (i = 0;i < count;i++, in++, out++) { - strncpy(out->shadername, in->shadername, sizeof(out->shadername) - 1); + strlcpy (out->shadername, in->shadername, sizeof (out->shadername)); n = LittleLong(in->brushindex); if (n < 0 || n >= loadmodel->brushq3.num_brushes) Host_Error("Mod_Q3BSP_LoadEffects: invalid brushindex %i (%i brushes)\n", n, loadmodel->brushq3.num_brushes); diff --git a/model_shared.c b/model_shared.c index ebcdc6a8..4b4ea56e 100644 --- a/model_shared.c +++ b/model_shared.c @@ -1002,7 +1002,7 @@ tag_torso, do { if (words < 10) - strncpy(word[words++], com_token, MAX_QPATH - 1); + strlcpy(word[words++], com_token, sizeof (word[0])); else wordsoverflow = true; } @@ -1021,8 +1021,8 @@ tag_torso, skinfileitem = Mem_Alloc(tempmempool, sizeof(skinfileitem_t)); skinfileitem->next = skinfile->items; skinfile->items = skinfileitem; - strncpy(skinfileitem->name, word[1], sizeof(skinfileitem->name) - 1); - strncpy(skinfileitem->replacement, word[2], sizeof(skinfileitem->replacement) - 1); + strlcpy (skinfileitem->name, word[1], sizeof (skinfileitem->name)); + strlcpy (skinfileitem->replacement, word[2], sizeof (skinfileitem->replacement)); } else Con_Printf("Mod_LoadSkinFiles: parsing error in file \"%s_%i.skin\" on line #%i: wrong number of parameters to command \"%s\", see documentation in DP_GFX_SKINFILES extension in dpextensions.qc\n", loadmodel->name, i, line, word[0]); @@ -1032,7 +1032,7 @@ tag_torso, // tag name, like "tag_weapon," Con_DPrintf("Mod_LoadSkinFiles: parsed tag #%i \"%s\"\n", numtags, word[0]); memset(tags + numtags, 0, sizeof(tags[numtags])); - strncpy(tags[numtags].name, word[0], sizeof(tags[numtags].name) - 1); + strlcpy (tags[numtags].name, word[0], sizeof (tags[numtags].name)); numtags++; } else if (words == 3 && !strcmp(word[1], ",")) @@ -1042,8 +1042,8 @@ tag_torso, skinfileitem = Mem_Alloc(tempmempool, sizeof(skinfileitem_t)); skinfileitem->next = skinfile->items; skinfile->items = skinfileitem; - strncpy(skinfileitem->name, word[0], sizeof(skinfileitem->name) - 1); - strncpy(skinfileitem->replacement, word[2], sizeof(skinfileitem->replacement) - 1); + strlcpy (skinfileitem->name, word[0], sizeof (skinfileitem->name)); + strlcpy (skinfileitem->replacement, word[2], sizeof (skinfileitem->replacement)); } else Con_Printf("Mod_LoadSkinFiles: parsing error in file \"%s_%i.skin\" on line #%i: does not look like tag or mesh specification, or replace command, see documentation in DP_GFX_SKINFILES extension in dpextensions.qc\n", loadmodel->name, i, line); diff --git a/netconn.c b/netconn.c index d72dffed..c37a42b4 100755 --- a/netconn.c +++ b/netconn.c @@ -695,10 +695,10 @@ int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, qbyte *data, int length, string += 13; // hostcache only uses text addresses LHNETADDRESS_ToString(peeraddress, cname, sizeof(cname), true); - if ((s = SearchInfostring(string, "gamename" )) != NULL) strncpy(game, s, sizeof(game) - 1);else game[0] = 0; - if ((s = SearchInfostring(string, "modname" )) != NULL) strncpy(mod , s, sizeof(mod ) - 1);else mod[0] = 0; - if ((s = SearchInfostring(string, "mapname" )) != NULL) strncpy(map , s, sizeof(map ) - 1);else map[0] = 0; - if ((s = SearchInfostring(string, "hostname" )) != NULL) strncpy(name, s, sizeof(name) - 1);else name[0] = 0; + if ((s = SearchInfostring(string, "gamename" )) != NULL) strlcpy(game, s, sizeof (game));else game[0] = 0; + if ((s = SearchInfostring(string, "modname" )) != NULL) strlcpy(mod , s, sizeof (mod ));else mod[0] = 0; + if ((s = SearchInfostring(string, "mapname" )) != NULL) strlcpy(map , s, sizeof (map ));else map[0] = 0; + if ((s = SearchInfostring(string, "hostname" )) != NULL) strlcpy(name, s, sizeof (name));else name[0] = 0; if ((s = SearchInfostring(string, "protocol" )) != NULL) c = atoi(s);else c = -1; if ((s = SearchInfostring(string, "clients" )) != NULL) users = atoi(s);else users = 0; if ((s = SearchInfostring(string, "sv_maxclients")) != NULL) maxusers = atoi(s);else maxusers = 0; @@ -869,7 +869,7 @@ int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, qbyte *data, int length, if (developer.integer) Con_Printf("Datagram_ParseConnectionless: received CCREP_REJECT from %s.\n", addressstring2); Con_Printf("%s\n", data); - strncpy(m_return_reason, data, sizeof(m_return_reason) - 1); + strlcpy (m_return_reason, data, sizeof (m_return_reason)); break; #if 0 case CCREP_SERVER_INFO: @@ -898,11 +898,9 @@ int NetConn_ClientParsePacket(lhnetsocket_t *mysocket, qbyte *data, int length, c = MSG_ReadByte(); if (c != NET_PROTOCOL_VERSION) { - strncpy(hostcache[n].cname, hostcache[n].name, sizeof(hostcache[n].cname) - 1); - hostcache[n].cname[sizeof(hostcache[n].cname) - 1] = 0; + strlcpy (hostcache[n].cname, hostcache[n].name, sizeof (hostcache[n].cname)); strcpy(hostcache[n].name, "*"); - strncat(hostcache[n].name, hostcache[n].cname, sizeof(hostcache[n].name) - 1); - hostcache[n].name[sizeof(hostcache[n].name) - 1] = 0; + strlcat (hostcache[n].name, hostcache[n].cname, sizeof(hostcache[n].name)); } strcpy(hostcache[n].cname, cname); } diff --git a/pr_edict.c b/pr_edict.c index 2220e725..750c26c2 100644 --- a/pr_edict.c +++ b/pr_edict.c @@ -524,17 +524,17 @@ char *PR_GlobalString (int ofs) val = (void *)&pr_globals[ofs]; def = ED_GlobalAtOfs(ofs); if (!def) - sprintf (line,"%i(?)", ofs); + snprintf (line, sizeof (line), "%i(?)", ofs); else { s = PR_ValueString (def->type, val); - sprintf (line,"%i(%s)%s", ofs, PR_GetString(def->s_name), s); + snprintf (line, sizeof (line), "%i(%s)%s", ofs, PR_GetString(def->s_name), s); } i = strlen(line); for ( ; i<20 ; i++) - strcat (line," "); - strcat (line," "); + strlcat (line, " ", sizeof (line)); + strlcat (line, " ", sizeof (line)); return line; } @@ -547,14 +547,14 @@ char *PR_GlobalStringNoContents (int ofs) def = ED_GlobalAtOfs(ofs); if (!def) - sprintf (line,"%i(?)", ofs); + snprintf (line, sizeof (line), "%i(?)", ofs); else - sprintf (line,"%i(%s)", ofs, PR_GetString(def->s_name)); + snprintf (line, sizeof (line), "%i(%s)", ofs, PR_GetString(def->s_name)); i = strlen(line); for ( ; i<20 ; i++) - strcat (line," "); - strcat (line," "); + strlcat (line, " ", sizeof (line)); + strlcat (line, " ", sizeof (line)); return line; } @@ -612,7 +612,7 @@ void ED_Print (edict_t *ed) tempstring2[259] = 0; name = tempstring2; } - strcat(tempstring, name); + strlcat (tempstring, name, sizeof (tempstring)); for (l = strlen(name);l < 14;l++) strcat(tempstring, " "); strcat(tempstring, " "); @@ -625,8 +625,8 @@ void ED_Print (edict_t *ed) tempstring2[259] = 0; name = tempstring2; } - strcat(tempstring, name); - strcat(tempstring, "\n"); + strlcat (tempstring, name, sizeof (tempstring)); + strlcat (tempstring, "\n", sizeof (tempstring)); if (strlen(tempstring) >= 4096) { Con_Printf("%s", tempstring); @@ -1478,32 +1478,32 @@ void PR_Fields_f (void) switch(d->type & ~DEF_SAVEGLOBAL) { case ev_string: - strcat(tempstring, "string "); + strlcat (tempstring, "string ", sizeof (tempstring)); break; case ev_entity: - strcat(tempstring, "entity "); + strlcat (tempstring, "entity ", sizeof (tempstring)); break; case ev_function: - strcat(tempstring, "function "); + strlcat (tempstring, "function ", sizeof (tempstring)); break; case ev_field: - strcat(tempstring, "field "); + strlcat (tempstring, "field ", sizeof (tempstring)); break; case ev_void: - strcat(tempstring, "void "); + strlcat (tempstring, "void ", sizeof (tempstring)); break; case ev_float: - strcat(tempstring, "float "); + strlcat (tempstring, "float ", sizeof (tempstring)); break; case ev_vector: - strcat(tempstring, "vector "); + strlcat (tempstring, "vector ", sizeof (tempstring)); break; case ev_pointer: - strcat(tempstring, "pointer "); + strlcat (tempstring, "pointer ", sizeof (tempstring)); break; default: - sprintf (tempstring2, "bad type %i ", d->type & ~DEF_SAVEGLOBAL); - strcat(tempstring, tempstring2); + snprintf (tempstring2, sizeof (tempstring2), "bad type %i ", d->type & ~DEF_SAVEGLOBAL); + strlcat (tempstring, tempstring2, sizeof (tempstring)); break; } if (strlen(name) > 256) @@ -1513,12 +1513,12 @@ void PR_Fields_f (void) tempstring2[259] = 0; name = tempstring2; } - strcat(tempstring, name); + strcat (tempstring, name); for (j = strlen(name);j < 25;j++) strcat(tempstring, " "); - sprintf(tempstring2, "%5d", counts[i]); - strcat(tempstring, tempstring2); - strcat(tempstring, "\n"); + snprintf (tempstring2, sizeof (tempstring2), "%5d", counts[i]); + strlcat (tempstring, tempstring2, sizeof (tempstring)); + strlcat (tempstring, "\n", sizeof (tempstring)); if (strlen(tempstring) >= 4096) { Con_Printf("%s", tempstring); diff --git a/sv_main.c b/sv_main.c index 8f4eb831..ac636824 100644 --- a/sv_main.c +++ b/sv_main.c @@ -1370,7 +1370,7 @@ void SV_UpdateToReliableMessages (void) if (s == NULL) s = ""; // point the string back at host_client->name to keep it safe - strncpy(host_client->name, s, sizeof(host_client->name) - 1); + strlcpy (host_client->name, s, sizeof (host_client->name)); sv_player->v->netname = PR_SetString(host_client->name); } if ((val = GETEDICTFIELDVALUE(sv_player, eval_clientcolors)) && host_client->colors != val->_float) diff --git a/ui.c b/ui.c index b2b91bc4..82fccb52 100644 --- a/ui.c +++ b/ui.c @@ -118,7 +118,7 @@ void ui_item ui->item_count++; } memset(it, 0, sizeof(ui_item_t)); - strncpy(it->name, itemname, 32); + strlcpy (it->name, itemname, sizeof (it->name)); it->flags = 0; if (picname || string) { -- 2.39.2