TorqueGameEngines/Torque3D
1
0
Fork 0
mirror of https://github.com/TorqueGameEngines/Torque3D.git synced 2026-02-13 03:33:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use strncpy instead of strcpy because again, buffer overflows

Browse source
This commit is contained in:
Glenn Smith 2018-03-06 01:59:05 -05:00
parent 7769da9434
commit 79c34c68db
92 changed files with 298 additions and 279 deletions
Download patch file Download diff file Expand all files Collapse all files

36
Engine/source/console/consoleFunctions.cpp
View file

@ -561,12 +561,13 @@ DefineConsoleFunction( stripChars, const char*, ( const char* str, const char* c
"@endtsexample\n"
"@ingroup Strings" )
{
char* ret = Con::getReturnBuffer( dStrlen( str ) + 1 );
dStrcpy( ret, str );
S32 len = dStrlen(str) + 1;
char* ret = Con::getReturnBuffer( len );
dStrcpy( ret, str, len );
U32 pos = dStrcspn( ret, chars );
while ( pos < dStrlen( ret ) )
{
dStrcpy( ret + pos, ret + pos + 1 );
dStrcpy( ret + pos, ret + pos + 1, len - pos );
pos = dStrcspn( ret, chars );
}
return( ret );
@ -585,7 +586,7 @@ DefineConsoleFunction( strlwr, const char*, ( const char* str ),,
"@ingroup Strings" )
{
char *ret = Con::getReturnBuffer(dStrlen(str) + 1);
dStrcpy(ret, str);
dStrcpy(ret, str, dStrlen(str) + 1);
return dStrlwr(ret);
}
@ -602,7 +603,7 @@ DefineConsoleFunction( strupr, const char*, ( const char* str ),,
"@ingroup Strings" )
{
char *ret = Con::getReturnBuffer(dStrlen(str) + 1);
dStrcpy(ret, str);
dStrcpy(ret, str, dStrlen(str) + 1);
return dStrupr(ret);
}
@ -663,7 +664,8 @@ DefineConsoleFunction( strreplace, const char*, ( const char* source, const char
count++;
}
}
char *ret = Con::getReturnBuffer(dStrlen(source) + 1 + (toLen - fromLen) * count);
S32 retLen = dStrlen(source) + 1 + (toLen - fromLen) * count;
char *ret = Con::getReturnBuffer(retLen);
U32 scanp = 0;
U32 dstp = 0;
for(;;)
@ -671,13 +673,13 @@ DefineConsoleFunction( strreplace, const char*, ( const char* source, const char
const char *scan = dStrstr(source + scanp, from);
if(!scan)
{
dStrcpy(ret + dstp, source + scanp);
dStrcpy(ret + dstp, source + scanp, retLen - dstp);
return ret;
}
U32 len = scan - (source + scanp);
dStrncpy(ret + dstp, source + scanp, len);
dStrncpy(ret + dstp, source + scanp, getMin(len, retLen - dstp));
dstp += len;
dStrcpy(ret + dstp, to);
dStrcpy(ret + dstp, to, retLen - dstp);
dstp += toLen;
scanp += len + fromLen;
}
@ -901,8 +903,8 @@ DefineConsoleFunction( startsWith, bool, ( const char* str, const char* prefix,
char* targetBuf = new char[ targetLen + 1 ];
// copy src and target into buffers
dStrcpy( srcBuf, str );
dStrcpy( targetBuf, prefix );
dStrcpy( srcBuf, str, srcLen + 1 );
dStrcpy( targetBuf, prefix, targetLen + 1 );
// reassign src/target pointers to lowercase versions
str = dStrlwr( srcBuf );
@ -952,8 +954,8 @@ DefineConsoleFunction( endsWith, bool, ( const char* str, const char* suffix, bo
char* targetBuf = new char[ targetLen + 1 ];
// copy src and target into buffers
dStrcpy( srcBuf, str );
dStrcpy( targetBuf, suffix );
dStrcpy( srcBuf, str, srcLen + 1 );
dStrcpy( targetBuf, suffix, targetLen + 1 );
// reassign src/target pointers to lowercase versions
str = dStrlwr( srcBuf );
@ -1825,7 +1827,7 @@ DefineEngineFunction( detag, const char*, ( const char* str ),,
return "";
char* ret = Con::getReturnBuffer( dStrlen( word + 1 ) + 1 );
dStrcpy( ret, word + 1 );
dStrcpy( ret, word + 1, dStrlen(word + 1) + 1 );
return ret;
}
else
@ -1889,7 +1891,7 @@ ConsoleFunction( echo, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i], len);
dStrcat(ret, argv[i], len + 1);
Con::printf("%s", ret);
ret[0] = 0;
@ -1913,7 +1915,7 @@ ConsoleFunction( warn, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i], len);
dStrcat(ret, argv[i], len + 1);
Con::warnf(ConsoleLogEntry::General, "%s", ret);
ret[0] = 0;
@ -1937,7 +1939,7 @@ ConsoleFunction( error, void, 2, 0, "( string message... ) "
char *ret = Con::getReturnBuffer(len + 1);
ret[0] = 0;
for(i = 1; i < argc; i++)
dStrcat(ret, argv[i], len);
dStrcat(ret, argv[i], len + 1);
Con::errorf(ConsoleLogEntry::General, "%s", ret);
ret[0] = 0;