Use strncpy instead of strcpy because again, buffer overflows

Engine/source/app/badWordFilter.cpp

@@ -50,7 +50,7 @@ BadWordFilter::BadWordFilter()
 {
    VECTOR_SET_ASSOCIATION( filterTables );
 
-   dStrcpy(defaultReplaceStr, "knqwrtlzs");
+   dStrcpy(defaultReplaceStr, "knqwrtlzs", 32);
    filterTables.push_back(new FilterTable);
    curOffset = 0;
 }
@@ -147,7 +147,7 @@ bool BadWordFilter::setDefaultReplaceStr(const char *str)
    U32 len = dStrlen(str);
    if(len < 2 || len >= sizeof(defaultReplaceStr))
       return false;
-   dStrcpy(defaultReplaceStr, str);
+   dStrcpy(defaultReplaceStr, str, 32);
    return true;
 }
 
@@ -287,7 +287,7 @@ DefineEngineFunction(filterString, const char *, (const char* baseString, const
       replaceStr = gBadWordFilter->getDefaultReplaceStr();
 
    char *ret = Con::getReturnBuffer(dStrlen(baseString) + 1);
-   dStrcpy(ret, baseString);
+   dStrcpy(ret, baseString, dStrlen(baseString));
    gBadWordFilter->filterString(ret, replaceStr);
    return ret;
 }

Engine/source/app/banList.cpp

@@ -86,7 +86,7 @@ void BanList::addBan(S32 uniqueId, const char *TA, S32 banTime)
    }
 
    BanInfo b;
-   dStrcpy(b.transportAddress, TA);
+   dStrcpy(b.transportAddress, TA, 128);
    b.uniqueId = uniqueId;
    b.bannedUntil = banTime;
 

Engine/source/app/mainLoop.cpp

@@ -495,7 +495,7 @@ bool StandardMainLoop::handleCommandLine( S32 argc, const char **argv )
          S32 pathLen = dStrlen( fdd.mFile );
          FrameTemp<char> szPathCopy( pathLen + 1);
 
-         dStrcpy( szPathCopy, fdd.mFile );
+         dStrcpy( szPathCopy, fdd.mFile, pathLen + 1 );
          //forwardslash( szPathCopy );
 
          const char *path = dStrrchr(szPathCopy, '/');

Engine/source/app/net/net.cpp

@@ -128,7 +128,7 @@
       const char *rmtCommandName = dStrchr(mArgv[1], ' ') + 1;
       if(conn->isConnectionToServer())
       {
-         dStrcpy(mBuf, "clientCmd");
+         dStrcpy(mBuf, "clientCmd", 1024);
          dStrcat(mBuf, rmtCommandName, 1024);
 
          char *temp = mArgv[1];
@@ -139,7 +139,7 @@
       }
       else
       {
-         dStrcpy(mBuf, "serverCmd");
+         dStrcpy(mBuf, "serverCmd", 1024);
          dStrcat(mBuf, rmtCommandName, 1024);
          char *temp = mArgv[1];
 
@@ -409,7 +409,7 @@ ConsoleFunction( buildTaggedString, const char*, 2, 11, "(string format, ...)"
             S32 strLength = dStrlen(argStr);
             if (strLength > strMaxLength)
                goto done;
-            dStrcpy(strBufPtr, argStr);
+            dStrcpy(strBufPtr, argStr, strMaxLength);
             strBufPtr += strLength;
             strMaxLength -= strLength;
             fmtStrPtr += 2;

Engine/source/app/net/netExamples.cpp

@@ -110,7 +110,7 @@ public:
    SimpleNetObject()
    {
       mNetFlags.set(ScopeAlways | Ghostable);
-      dStrcpy(message, "Hello World!");
+      dStrcpy(message, "Hello World!", 256);
    }
    U32 packUpdate(NetConnection *conn, U32 mask, BitStream *stream)
    {
@@ -125,7 +125,7 @@ public:
    void setMessage(const char *msg)
    {
       setMaskBits(1);
-      dStrcpy(message, msg);
+      dStrcpy(message, msg, 256);
    }
 
    DECLARE_CONOBJECT(SimpleNetObject);

Engine/source/app/net/serverQuery.cpp

@@ -394,12 +394,12 @@ void queryLanServers(U32 port, U8 flags, const char* gameType, const char* missi
       if ( !sActiveFilter.gameType || dStricmp( sActiveFilter.gameType, "Any" ) != 0 )
       {
          sActiveFilter.gameType = (char*) dRealloc( sActiveFilter.gameType, 4 );
-         dStrcpy( sActiveFilter.gameType, "Any" );
+         dStrcpy( sActiveFilter.gameType, "Any", 4 );
       }
       if ( !sActiveFilter.missionType || dStricmp( sActiveFilter.missionType, "Any" ) != 0 )
       {
          sActiveFilter.missionType = (char*) dRealloc( sActiveFilter.missionType, 4 );
-         dStrcpy( sActiveFilter.missionType, "Any" );
+         dStrcpy( sActiveFilter.missionType, "Any", 4 );
       }
       sActiveFilter.queryFlags   = 0;
    sActiveFilter.minPlayers   = minPlayers;
@@ -511,13 +511,13 @@ void queryMasterServer(U8 flags, const char* gameType, const char* missionType,
       if ( !sActiveFilter.gameType || dStrcmp( sActiveFilter.gameType, gameType ) != 0 )
       {
          sActiveFilter.gameType = (char*) dRealloc( sActiveFilter.gameType, dStrlen( gameType ) + 1 );
-         dStrcpy( sActiveFilter.gameType, gameType );
+         dStrcpy( sActiveFilter.gameType, gameType, dStrlen(gameType) + 1 );
       }
 
       if ( !sActiveFilter.missionType || dStrcmp( sActiveFilter.missionType, missionType ) != 0 )
       {
          sActiveFilter.missionType = (char*) dRealloc( sActiveFilter.missionType, dStrlen( missionType ) + 1 );
-         dStrcpy( sActiveFilter.missionType, missionType );
+         dStrcpy( sActiveFilter.missionType, missionType, dStrlen(missionType) + 1 );
       }
 
       sActiveFilter.queryFlags   = flags | ServerFilter::NewStyleResponse;
@@ -970,7 +970,7 @@ static void pushServerFavorites()
             ServerInfo* si = findOrCreateServerInfo( &addr );
             AssertFatal(si, "pushServerFavorites - failed to create Server Info!" );
             si->name = (char*) dRealloc( (void*) si->name, dStrlen( serverName ) + 1 );
-            dStrcpy( si->name, serverName );
+            dStrcpy( si->name, serverName, dStrlen(serverName) + 1 );
             si->isFavorite = true;
             pushPingRequest( &addr );
          }
@@ -1054,13 +1054,13 @@ void addFakeServers( S32 howMany )
       char buf[256];
       dSprintf( buf, 255, "Fake server #%d", sNumFakeServers );
       newServer.name = (char*) dMalloc( dStrlen( buf ) + 1 );
-      dStrcpy( newServer.name, buf );
+      dStrcpy( newServer.name, buf, strlen(buf) + 1 );
       newServer.gameType = (char*) dMalloc( 5 );
-      dStrcpy( newServer.gameType, "Fake" );
-      newServer.missionType = (char*) dMalloc( 4 );
-      dStrcpy( newServer.missionType, "FakeMissionType" );
+      dStrcpy( newServer.gameType, "Fake", 5 );
+      newServer.missionType = (char*) dMalloc( 16 );
+      dStrcpy( newServer.missionType, "FakeMissionType", 16 );
       newServer.missionName = (char*) dMalloc( 14 );
-      dStrcpy( newServer.missionName, "FakeMapName" );
+      dStrcpy( newServer.missionName, "FakeMapName", 14 );
       Net::stringToAddress( "IP:198.74.33.35:28000", &newServer.address );
       newServer.ping = (U32)( Platform::getRandom() * 200.0f );
       newServer.cpuSpeed = 470;
@@ -1353,9 +1353,9 @@ static void processPingsAndQueries( U32 session, bool schedule )
       char msg[64];
       U32 foundCount = gServerList.size();
       if ( foundCount == 0 )
-         dStrcpy( msg, "No servers found." );
+         dStrcpy( msg, "No servers found.", 64 );
       else if ( foundCount == 1 )
-         dStrcpy( msg, "One server found." );
+         dStrcpy( msg, "One server found.", 64 );
       else
          dSprintf( msg, sizeof( msg ), "%d servers found.", foundCount );
 
@@ -1754,7 +1754,7 @@ static void handleGameMasterInfoRequest( const NetAddress* address, U32 key, U8
 
       const char* guidList = Con::getVariable( "Server::GuidList" );
       char* buf = new char[dStrlen( guidList ) + 1];
-      dStrcpy( buf, guidList );
+      dStrcpy( buf, guidList, dStrlen(guidList) + 1 );
       char* temp = dStrtok( buf, "\t" );
       temp8 = 0;
       for ( ; temp && temp8 < playerCount; temp8++ )
@@ -1949,7 +1949,7 @@ static void handleGamePingResponse( const NetAddress* address, BitStream* stream
    if ( !si->name )
    {
       si->name = (char*) dMalloc( dStrlen( buf ) + 1 );
-      dStrcpy( si->name, buf );
+      dStrcpy( si->name, buf, dStrlen(buf) + 1 );
    }
 
    // Set the server up to be queried:
@@ -2051,7 +2051,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->gameType || dStricmp( si->gameType, stringBuf ) != 0 )
    {
       si->gameType = (char*) dRealloc( (void*) si->gameType, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->gameType, stringBuf );
+      dStrcpy( si->gameType, stringBuf, dStrlen(stringBuf) + 1 );
 
       // Test against the active filter:
       if ( applyFilter && dStricmp( sActiveFilter.gameType, "any" ) != 0
@@ -2068,7 +2068,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->missionType || dStrcmp( si->missionType, stringBuf ) != 0 )
    {
       si->missionType = (char*) dRealloc( (void*) si->missionType, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->missionType, stringBuf );
+      dStrcpy( si->missionType, stringBuf, dStrlen(stringBuf) + 1 );
 
       // Test against the active filter:
       if ( applyFilter && dStricmp( sActiveFilter.missionType, "any" ) != 0
@@ -2089,7 +2089,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->missionName || dStrcmp( si->missionName, stringBuf ) != 0 )
    {
       si->missionName = (char*) dRealloc( (void*) si->missionName, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->missionName, stringBuf );
+      dStrcpy( si->missionName, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Get the server status:
@@ -2158,7 +2158,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->statusString || ( isUpdate && dStrcmp( si->statusString, stringBuf ) != 0 ) )
    {
       si->infoString = (char*) dRealloc( (void*) si->infoString, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->infoString, stringBuf );
+      dStrcpy( si->infoString, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Get the content string:
@@ -2166,7 +2166,7 @@ static void handleGameInfoResponse( const NetAddress* address, BitStream* stream
    if ( !si->statusString || ( isUpdate && dStrcmp( si->statusString, stringBuf ) != 0 ) )
    {
       si->statusString = (char*) dRealloc( (void*) si->statusString, dStrlen( stringBuf ) + 1 );
-      dStrcpy( si->statusString, stringBuf );
+      dStrcpy( si->statusString, stringBuf, dStrlen(stringBuf) + 1 );
    }
 
    // Update the server browser gui!