Use strncat instead of strcat to prevent some buffer overflows

Glenn Smith 2018-03-06 00:48:44 -05:00
parent 53f35e7fb1
commit 7769da9434
32 changed files with 147 additions and 134 deletions


@ -420,13 +420,13 @@ exitLabel:
if (gEvalState.traceOn)
{
sTraceBuffer[0] = 0;
dStrcat(sTraceBuffer, "Leaving ");
dStrcat(sTraceBuffer, "Leaving ", 1024);
if (packageName)
{
dStrcat(sTraceBuffer, "[");
dStrcat(sTraceBuffer, packageName);
dStrcat(sTraceBuffer, "]");
dStrcat(sTraceBuffer, "[", 1024);
dStrcat(sTraceBuffer, packageName, 1024);
dStrcat(sTraceBuffer, "]", 1024);
}
if (thisNamespace && thisNamespace->mName)
{
@ -471,13 +471,13 @@ void CodeInterpreter::parseArgs(U32 &ip)
if (gEvalState.traceOn)
{
sTraceBuffer[0] = 0;
dStrcat(sTraceBuffer, "Entering ");
dStrcat(sTraceBuffer, "Entering ", 1024);
if (mExec.packageName)
{
dStrcat(sTraceBuffer, "[");
dStrcat(sTraceBuffer, mExec.packageName);
dStrcat(sTraceBuffer, "]");
dStrcat(sTraceBuffer, "[", 1024);
dStrcat(sTraceBuffer, mExec.packageName, 1024);
dStrcat(sTraceBuffer, "]", 1024);
}
if (mExec.thisNamespace && mExec.thisNamespace->mName)
{
@ -491,11 +491,11 @@ void CodeInterpreter::parseArgs(U32 &ip)
}
for (S32 i = 0; i < wantedArgc; i++)
{
dStrcat(sTraceBuffer, mExec.argv[i + 1]);
dStrcat(sTraceBuffer, mExec.argv[i + 1], 1024);
if (i != wantedArgc - 1)
dStrcat(sTraceBuffer, ", ");
dStrcat(sTraceBuffer, ", ", 1024);
}
dStrcat(sTraceBuffer, ")");
dStrcat(sTraceBuffer, ")", 1024);
Con::printf("%s", sTraceBuffer);
}
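Review bot: The third argument on every append in this section is the literal `1024`, presumably the total size of sTraceBuffer, but strncat's count limits how many bytes are taken from the source, not how full the destination may become. The three-argument dStrcat is not shown on this page; if it forwards the value to strncat as the commit title suggests, and does not subtract the current length itself, the `mExec.argv[i + 1]` loop in parseArgs can still write past the end once earlier appends have used part of the buffer. Either dStrcat should compute the remaining room internally, or these calls should pass it, e.g. `dStrcat(sTraceBuffer, mExec.argv[i + 1], 1024 - dStrlen(sTraceBuffer));`, adjusted to whatever terminator convention dStrcat uses. The same question applies to the later calls that pass `size`, `totalSize`, `bufSize`, `newLineLen`, `nBufferSize`, `expandedBufferSize`, `MaxCommandSize`, `256` and `2048`. Both functions continue outside these hunks.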


@ -70,9 +70,9 @@ namespace Con
ret[0] = 0;
for (walk = ns; walk; walk = walk->mParent)
{
dStrcat(ret, walk->mName);
dStrcat(ret, walk->mName, size);
if (walk->mParent)
dStrcat(ret, " -> ");
dStrcat(ret, " -> ", size);
}
return ret;
}


@ -2176,8 +2176,8 @@ bool expandPath(char* pDstPath, U32 size, const char* pSrcPath, const char* pWor
}
// Format the output path.
dStrncat(pathBuffer, "/", sizeof(pathBuffer) - 1 - strlen(pathBuffer));
dStrncat(pathBuffer, pSrc, sizeof(pathBuffer) - 1 - strlen(pathBuffer));
dStrcat(pathBuffer, "/", sizeof(pathBuffer) - 1 - strlen(pathBuffer));
dStrcat(pathBuffer, pSrc, sizeof(pathBuffer) - 1 - strlen(pathBuffer));
// Are we ensuring the trailing slash?
if (ensureTrailingSlash)
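Review bot: These two calls pass the remaining space (`sizeof(pathBuffer) - 1 - strlen(pathBuffer)`) as the third argument, whereas every other call site in this commit passes the total buffer size, so the two conventions cannot both be right for the new dStrcat. If dStrcat expects the full destination size, this call under-reports it and may truncate paths that would fit; if it expects strncat's count, the other call sites over-report it. The contract should be written on dStrcat's declaration, for example `// dstSize: total size of dst in bytes, including the terminator`, and this call brought in line with it. expandPath's body starts and ends outside the hunk.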


@ -1889,7 +1889,7 @@ ConsoleFunction( echo, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i]);
dStrcat(ret, argv[i], len);
Con::printf("%s", ret);
ret[0] = 0;
@ -1913,7 +1913,7 @@ ConsoleFunction( warn, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i]);
dStrcat(ret, argv[i], len);
Con::warnf(ConsoleLogEntry::General, "%s", ret);
ret[0] = 0;
@ -1937,7 +1937,7 @@ ConsoleFunction( error, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i]);
dStrcat(ret, argv[i], len);
Con::errorf(ConsoleLogEntry::General, "%s", ret);
ret[0] = 0;
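Review bot: The bound passed on the append lines in echo, warn and error is `len`, but the buffer was obtained with `Con::getReturnBuffer(len + 1)`, so the bound is one byte smaller than the allocation. If dStrcat reserves room for the terminator out of that bound (its definition is not on this page), the last character of the message can be dropped, most visibly when a single argument is passed. Passing the allocated size keeps the two in step: `dStrcat(ret, argv[i], len + 1);`. How `len` is computed lies outside the hunks.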


@ -900,21 +900,21 @@ DefineEngineFunction(backtrace, void, (), ,
buf[0] = 0;
for (U32 i = 0; i < gEvalState.getStackDepth(); i++)
{
dStrcat(buf, "->");
dStrcat(buf, "->", totalSize);
if (gEvalState.stack[i]->scopeNamespace && gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage)
{
dStrcat(buf, "[");
dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage);
dStrcat(buf, "]");
dStrcat(buf, "[", totalSize);
dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mEntryList->mPackage, totalSize);
dStrcat(buf, "]", totalSize);
}
if (gEvalState.stack[i]->scopeNamespace && gEvalState.stack[i]->scopeNamespace->mName)
{
dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mName);
dStrcat(buf, "::");
dStrcat(buf, gEvalState.stack[i]->scopeNamespace->mName, totalSize);
dStrcat(buf, "::", totalSize);
}
if (gEvalState.stack[i]->scopeName)
dStrcat(buf, gEvalState.stack[i]->scopeName);
dStrcat(buf, gEvalState.stack[i]->scopeName, totalSize);
}
Con::printf("BackTrace: %s", buf);
@ -1362,7 +1362,7 @@ void Namespace::addScriptCallback(const char *funcName, const char *usage, Conso
char lilBuffer[32];
dStrcpy(buffer, funcName);
dSprintf(lilBuffer, 32, "_%d_cb", uid++);
dStrcat(buffer, lilBuffer);
dStrcat(buffer, lilBuffer, 1024);
Entry *ent = createLocalEntry(StringTable->insert(buffer));
trashCache();
@ -1383,7 +1383,7 @@ void Namespace::markGroup(const char* name, const char* usage)
char lilBuffer[32];
dStrcpy(buffer, name);
dSprintf(lilBuffer, 32, "_%d", uid++);
dStrcat(buffer, lilBuffer);
dStrcat(buffer, lilBuffer, 1024);
Entry *ent = createLocalEntry(StringTable->insert(buffer));
trashCache();
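Review bot: In addScriptCallback and markGroup the append is now bounded, but the `dStrcpy(buffer, funcName)` and `dStrcpy(buffer, name)` immediately before it are still unbounded, so an over-long name overruns `buffer` before dStrcat is reached. The declaration of `buffer` is outside the hunks; the literal `1024` is presumably its size. A single bounded format covers both steps and makes lilBuffer unnecessary, e.g. `dSprintf(buffer, 1024, "%s_%d_cb", funcName, uid++);` and `dSprintf(buffer, 1024, "%s_%d", name, uid++);`. The same copy-then-append pattern is left in returnClassList (`ret`), FieldBrushObject queryFields (`tempBuf`) and the SimObject data-field functions (`buf[256]`).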


@ -356,7 +356,7 @@ void ConsoleObject::addGroup(const char* in_pGroupname, const char* in_pGroupDoc
char* pFieldNameBuf = suppressSpaces(in_pGroupname);
// Append group type to fieldname.
dStrcat(pFieldNameBuf, "_begingroup");
dStrcat(pFieldNameBuf, "_begingroup", 1024);
// Create Field.
AbstractClassRep::Field f;
@ -385,7 +385,7 @@ void ConsoleObject::endGroup(const char* in_pGroupname)
char* pFieldNameBuf = suppressSpaces(in_pGroupname);
// Append group type to fieldname.
dStrcat(pFieldNameBuf, "_endgroup");
dStrcat(pFieldNameBuf, "_endgroup", 1024);
// Create Field.
AbstractClassRep::Field f;
@ -407,7 +407,7 @@ void ConsoleObject::endGroup(const char* in_pGroupname)
void ConsoleObject::addArray( const char *arrayName, S32 count )
{
char *nameBuff = suppressSpaces(arrayName);
dStrcat(nameBuff, "_beginarray");
dStrcat(nameBuff, "_beginarray", 1024);
// Create Field.
AbstractClassRep::Field f;
@ -430,7 +430,7 @@ void ConsoleObject::addArray( const char *arrayName, S32 count )
void ConsoleObject::endArray( const char *arrayName )
{
char *nameBuff = suppressSpaces(arrayName);
dStrcat(nameBuff, "_endarray");
dStrcat(nameBuff, "_endarray", 1024);
// Create Field.
AbstractClassRep::Field f;
@ -776,8 +776,8 @@ static const char* returnClassList( Vector< AbstractClassRep* >& classes, U32 bu
dStrcpy( ret, classes[ 0 ]->getClassName() );
for( U32 i = 1; i < classes.size(); i ++ )
{
dStrcat( ret, "\t" );
dStrcat( ret, classes[ i ]->getClassName() );
dStrcat( ret, "\t", bufSize );
dStrcat( ret, classes[ i ]->getClassName(), bufSize );
}
return ret;
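Review bot: The bound `1024` on the appends in addGroup, endGroup, addArray and endArray is a bare literal that nothing in these hunks ties to the buffer returned by `suppressSpaces`, whose definition and size are not on this page. If that buffer is smaller, or is resized later, the bound gives no protection and nothing will flag the mismatch. At minimum each call should carry a comment such as `// bound must equal the size of the buffer suppressSpaces() returns`; a named constant declared beside suppressSpaces and used at all four calls would be better. The literal `2048` passed for the buffer from `getObjectIndent` in PersistenceManager::writeNewObject has the same problem.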


@ -275,7 +275,7 @@ DefineConsoleMethod(FieldBrushObject, queryFields, const char*, (const char* sim
// Copy string element.
dStrcpy( tempBuf, StringUnit::getUnit( groupList, groupIndex, " \t\n" ) );
// Append internal name.
dStrcat( tempBuf, "_begingroup" );
dStrcat( tempBuf, "_begingroup", 256 );
// Store Group.
groups.push_back( StringTable->insert( tempBuf ) );
}


@ -967,10 +967,10 @@ void PersistenceManager::updateToken( const U32 lineNumber, const U32 linePositi
// Build the new line with the
// preString + newValue + postString
dStrcat(newLine, preString);
dStrcat(newLine, preString, newLineLen);
if ( newValue )
dStrcat(newLine, newValue);
dStrcat(newLine, postString);
dStrcat(newLine, newValue, newLineLen);
dStrcat(newLine, postString, newLineLen);
// Clear our existing line
if (mLineBuffer[lineNumber])
@ -1243,7 +1243,7 @@ PersistenceManager::ParsedObject* PersistenceManager::writeNewObject(SimObject*
char* indent = getObjectIndent(parentObject);
if (parentObject)
dStrcat(indent, " \0");
dStrcat(indent, " \0", 2048);
// Write out the beginning of the object declaration
const char* dclToken = "new";


@ -325,7 +325,7 @@ bool collapseScriptFilename(char *filename, U32 size, const char *src)
*filename = 0;
if(*test[i].replace)
dSprintf(filename, size, "%s/", test[i].replace);
dStrcat(filename, rel);
dStrcat(filename, rel, size);
return true;
}
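Review bot: collapseScriptFilename still returns `true` after the bounded append, so if `rel` had to be cut short the caller receives a truncated script path reported as success. A fit check before the append makes the failure explicit: `if (dStrlen(filename) + dStrlen(rel) >= size) return false;`. Note also that `size` is the whole buffer while the dSprintf on the line above may already have used part of it. The function starts and ends outside the hunk, so whether returning false here suits the enclosing loop needs checking against the full body.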


@ -281,7 +281,7 @@ void SimFieldDictionary::writeFields(SimObject *obj, Stream &stream, U32 tabStop
dSprintf(expandedBuffer, nBufferSize, "%s%s%s = \"", typeName, *typeName ? " " : "", (*itr)->slotName);
if ((*itr)->value)
expandEscape((char*)expandedBuffer + dStrlen(expandedBuffer), (*itr)->value);
dStrcat(expandedBuffer, "\";\r\n");
dStrcat(expandedBuffer, "\";\r\n", nBufferSize);
stream.write(dStrlen(expandedBuffer), expandedBuffer);
}
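Review bot: The unbounded write in this hunk is `expandEscape`, which writes at `expandedBuffer + dStrlen(expandedBuffer)` and takes no size argument; bounding the four-byte suffix appended afterwards does not limit it. How `nBufferSize` is derived from the value length is outside the hunk, so the buffer may already be sized for worst-case escape expansion, but that invariant should be stated where the size is computed: `// nBufferSize must cover the header, worst-case expandEscape growth of value, and the 4-byte suffix plus terminator`. SimObject::writeFields in the next file section has the same shape with `expandedBufferSize`.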


@ -347,7 +347,7 @@ void SimObject::writeFields(Stream &stream, U32 tabStop)
}
expandEscape((char*)expandedBuffer + dStrlen(expandedBuffer), val);
dStrcat(expandedBuffer, "\";\r\n");
dStrcat(expandedBuffer, "\";\r\n", expandedBufferSize);
stream.writeTabs(tabStop);
stream.write(dStrlen(expandedBuffer),expandedBuffer);
@ -1029,7 +1029,7 @@ void SimObject::setDataField(StringTableEntry slotName, const char *array, const
{
char buf[256];
dStrcpy(buf, slotName);
dStrcat(buf, array);
dStrcat(buf, array, 256);
StringTableEntry permanentSlotName = StringTable->insert(buf);
mFieldDictionary->setFieldValue(permanentSlotName, value);
onDynamicModified( permanentSlotName, value );
@ -1070,7 +1070,7 @@ const char *SimObject::getDataField(StringTableEntry slotName, const char *array
{
static char buf[256];
dStrcpy(buf, slotName);
dStrcat(buf, array);
dStrcat(buf, array, 256);
if (const char* val = mFieldDictionary->getFieldValue(StringTable->insert(buf)))
return val;
}
@ -1311,7 +1311,7 @@ U32 SimObject::getDataFieldType( StringTableEntry slotName, const char* array )
{
static char buf[256];
dStrcpy( buf, slotName );
dStrcat( buf, array );
dStrcat( buf, array, 256 );
return mFieldDictionary->getFieldType( StringTable->insert( buf ) );
}
@ -1334,7 +1334,7 @@ void SimObject::setDataFieldType(const U32 fieldTypeId, StringTableEntry slotNam
{
static char buf[256];
dStrcpy( buf, slotName );
dStrcat( buf, array );
dStrcat( buf, array, 256 );
mFieldDictionary->setFieldType( StringTable->insert( buf ), fieldTypeId );
onDynamicModified( slotName, mFieldDictionary->getFieldValue(slotName) );
@ -1355,7 +1355,7 @@ void SimObject::setDataFieldType(const char *typeName, StringTableEntry slotName
{
static char buf[256];
dStrcpy( buf, slotName );
dStrcat( buf, array );
dStrcat( buf, array, 256 );
StringTableEntry permanentSlotName = StringTable->insert(buf);
mFieldDictionary->setFieldType( permanentSlotName, typeName );


@ -470,19 +470,19 @@ void TelnetDebugger::sendBreak()
if ( ns ) {
if ( ns->mParent && ns->mParent->mPackage && ns->mParent->mPackage[0] ) {
dStrcat( scope, ns->mParent->mPackage );
dStrcat( scope, "::" );
dStrcat( scope, ns->mParent->mPackage, MaxCommandSize );
dStrcat( scope, "::", MaxCommandSize );
}
if ( ns->mName && ns->mName[0] ) {
dStrcat( scope, ns->mName );
dStrcat( scope, "::" );
dStrcat( scope, ns->mName, MaxCommandSize );
dStrcat( scope, "::", MaxCommandSize );
}
}
const char *function = gEvalState.stack[i]->scopeName;
if ((!function) || (!function[0]))
function = "<none>";
dStrcat( scope, function );
dStrcat( scope, function, MaxCommandSize );
U32 line=0, inst;
U32 ip = gEvalState.stack[i]->ip;