svn commit: r319267 - in stable/10: usr.bin/mkuzip usr.sbin/pw

Tue May 30 22:48:18 UTC 2017

Author: asomers
Date: Tue May 30 22:48:17 2017
New Revision: 319267
URL: https://svnweb.freebsd.org/changeset/base/319267

Log:
  MFC r318141, r318143-r318144
  
  r318141:
  strcpy => strlcpy
  
  Reported by:	Coverity
  CID:		1352771
  Sponsored by:	Spectra Logic Corp
  
  r318143:
  strcpy => strlcpy
  
  Reported by:	Coverity
  CID:		1006715
  Sponsored by:	Spectra Logic Corp
  
  r318144:
  Don't depend on assert(3) getting evaluated
  
  Reported by:	imp
  X-MFC-With:	318141, 318143
  Sponsored by:	Spectra Logic Corp

Modified:
  stable/10/usr.bin/mkuzip/mkuzip.c
  stable/10/usr.sbin/pw/pw_user.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.bin/mkuzip/mkuzip.c
==============================================================================

--- stable/10/usr.bin/mkuzip/mkuzip.c	Tue May 30 22:46:00 2017	(r319266)
+++ stable/10/usr.bin/mkuzip/mkuzip.c	Tue May 30 22:48:17 2017	(r319267)
@@ -108,7 +108,7 @@ int main(int argc, char **argv)
 	struct mkuz_conveyor *cvp;
         void *c_ctx;
 	struct mkuz_blk_info *chit;
-	size_t ncpusz, ncpu;
+	size_t ncpusz, ncpu, magiclen;
 	double st, et;
 
 	st = getdtime();
@@ -192,7 +192,8 @@ int main(int argc, char **argv)
 		/* Not reached */
 	}
 
-	strcpy(hdr.magic, cfs.handler->magic);
+	magiclen = strlcpy(hdr.magic, cfs.handler->magic, sizeof(hdr.magic));
+	assert(magiclen < sizeof(hdr.magic));
 
 	if (cfs.en_dedup != 0) {
 		hdr.magic[CLOOP_OFS_VERSN] = CLOOP_MAJVER_3;

Modified: stable/10/usr.sbin/pw/pw_user.c
==============================================================================
--- stable/10/usr.sbin/pw/pw_user.c	Tue May 30 22:46:00 2017	(r319266)
+++ stable/10/usr.sbin/pw/pw_user.c	Tue May 30 22:48:17 2017	(r319267)
@@ -35,6 +35,7 @@ static const char rcsid[] =
 #include <sys/time.h>
 #include <sys/types.h>
 
+#include <assert.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <err.h>
@@ -492,6 +493,7 @@ pw_pwcrypt(char *password)
 	char            salt[SALTSIZE + 1];
 	char		*cryptpw;
 	static char     buf[256];
+	size_t		pwlen;
 
 	/*
 	 * Calculate a salt value
@@ -503,7 +505,9 @@ pw_pwcrypt(char *password)
 	cryptpw = crypt(password, salt);
 	if (cryptpw == NULL)
 		errx(EX_CONFIG, "crypt(3) failure");
-	return strcpy(buf, cryptpw);
+	pwlen = strlcpy(buf, cryptpw, sizeof(buf));
+	assert(pwlen < sizeof(buf));
+	return (buf);
 }
 
 static char *
