svn commit: r343408 - head/usr.bin/whereis

[Stefan Esser]

Author: se
Date: Thu Jan 24 18:39:45 2019
New Revision: 343408
URL: https://svnweb.freebsd.org/changeset/base/343408

Log:
  Silence Clang Scan warnings regarding the use of strcp().
  
  While these warnings are false positives, the use of strdup() instead of
  malloc() and strcpy() simplifies and clarifies the code.
  
  While checking the remaining uses of strcpy and strcat I noticed an
  assignment of a strlen() to a variable "s", whose value needs to be
  preserved for use in later output routines (where it is used to allocate
  a buffer). I do not think that the value of "s" will come out lower than
  its correct value and thus there is no risk of a buffer overflow, in the
  general case, but a specially crafter argument might lead to an overflow.
  
  The bogus assignment to "s" is removed since this value was only used a
  single time in the following malloc() call, which has been removed.
  
  MFC after:	2 weeks

Modified:
  head/usr.bin/whereis/whereis.c

Modified: head/usr.bin/whereis/whereis.c
==============================================================================
--- head/usr.bin/whereis/whereis.c	Thu Jan 24 18:26:30 2019	(r343407)
+++ head/usr.bin/whereis/whereis.c	Thu Jan 24 18:39:45 2019	(r343408)
@@ -285,9 +285,9 @@ defaults(void)
 		bindirs[nele] = NULL;
 		if ((cp = getenv("PATH")) != NULL) {
 			/* don't destroy the original environment... */
-			if ((b = malloc(strlen(cp) + 1)) == NULL)
+			b = strdup(cp);
+			if (b == NULL)
 				abort();
-			strcpy(b, cp);
 			decolonify(b, &bindirs, &nele);
 		}
 	}
@@ -301,18 +301,18 @@ defaults(void)
 			err(EX_OSERR, "error processing manpath results");
 		if ((b = strchr(buf, '\n')) != NULL)
 			*b = '\0';
-		if ((b = malloc(strlen(buf) + 1)) == NULL)
+		b = strdup(buf);
+		if (b == NULL)
 			abort();
-		strcpy(b, buf);
 		nele = 0;
 		decolonify(b, &mandirs, &nele);
 	}
 
 	/* -s defaults to precompiled list, plus subdirs of /usr/ports */
 	if (!sourcedirs) {
-		if ((b = malloc(strlen(sourcepath) + 1)) == NULL)
+		b = strdup(sourcepath);
+		if (b == NULL)
 			abort();
-		strcpy(b, sourcepath);
 		nele = 0;
 		decolonify(b, &sourcedirs, &nele);
 
@@ -523,11 +523,9 @@ main(int argc, char **argv)
 						 * man -w found plain source
 						 * page, use it.
 						 */
-						s = strlen(buf);
-						cp2 = malloc(s + 1);
+						cp2 = strdup(buf);
 						if (cp2 == NULL)
 							abort();
-						strcpy(cp2, buf);
 					}
 
 					if (man == NULL) {