diff --git a/client/client_msgs.cpp b/client/client_msgs.cpp index 55f75b255c..2897e222c6 100644 --- a/client/client_msgs.cpp +++ b/client/client_msgs.cpp @@ -94,9 +94,9 @@ void show_message( case MSG_SCHEDULER_ALERT: char buf[1024]; if (is_html) { - strcpy(buf, message); + safe_strcpy(buf, message); } else { - xml_escape(message, buf, 1024); + xml_escape(message, buf, sizeof(message)); } NOTICE n; n.description = buf; @@ -173,7 +173,7 @@ void MESSAGE_DESCS::insert(PROJ_AM* p, int priority, int now, char* message) { mdp->project_name, p->get_project_name(), sizeof(mdp->project_name) ); } else { - strcpy(mdp->project_name, ""); + safe_strcpy(mdp->project_name, ""); } mdp->priority = (priority==MSG_SCHEDULER_ALERT)?MSG_USER_ALERT:priority; mdp->timestamp = now; diff --git a/client/client_state.cpp b/client/client_state.cpp index f3365ae5b8..410771e953 100644 --- a/client/client_state.cpp +++ b/client/client_state.cpp @@ -119,8 +119,8 @@ CLIENT_STATE::CLIENT_STATE() #else core_client_version.prerelease = false; #endif - strcpy(language, ""); - strcpy(client_brand, ""); + safe_strcpy(language, ""); + safe_strcpy(client_brand, ""); exit_after_app_start_secs = 0; app_started = 0; exit_before_upload = false; @@ -129,12 +129,12 @@ CLIENT_STATE::CLIENT_STATE() boinc_project_gid = 0; #endif show_projects = false; - strcpy(detach_project_url, ""); - strcpy(reset_project_url, ""); - strcpy(update_prefs_url, ""); - strcpy(main_host_venue, ""); - strcpy(attach_project_url, ""); - strcpy(attach_project_auth, ""); + safe_strcpy(detach_project_url, ""); + safe_strcpy(reset_project_url, ""); + safe_strcpy(update_prefs_url, ""); + safe_strcpy(main_host_venue, ""); + safe_strcpy(attach_project_url, ""); + safe_strcpy(attach_project_auth, ""); cpu_run_mode.set(RUN_MODE_AUTO, 0); gpu_run_mode.set(RUN_MODE_AUTO, 0); network_run_mode.set(RUN_MODE_AUTO, 0); @@ -1234,8 +1234,8 @@ int CLIENT_STATE::link_app_version(PROJECT* p, APP_VERSION* avp) { #ifndef SIM - strcpy(avp->graphics_exec_path, ""); - strcpy(avp->graphics_exec_file, ""); + safe_strcpy(avp->graphics_exec_path, ""); + safe_strcpy(avp->graphics_exec_file, ""); for (unsigned int i=0; iapp_files.size(); i++) { FILE_REF& file_ref = avp->app_files[i]; @@ -1252,8 +1252,8 @@ int CLIENT_STATE::link_app_version(PROJECT* p, APP_VERSION* avp) { char relpath[MAXPATHLEN], path[MAXPATHLEN]; get_pathname(fip, relpath, sizeof(relpath)); relative_to_absolute(relpath, path); - strlcpy(avp->graphics_exec_path, path, sizeof(avp->graphics_exec_path)); - strcpy(avp->graphics_exec_file, fip->name); + safe_strcpy(avp->graphics_exec_path, path); + safe_strcpy(avp->graphics_exec_file, fip->name); } // any file associated with an app version must be signed @@ -2231,7 +2231,7 @@ void CLIENT_STATE::log_show_projects() { if (p->hostid) { sprintf(buf, "%d", p->hostid); } else { - strcpy(buf, "not assigned yet"); + safe_strcpy(buf, "not assigned yet"); } msg_printf(p, MSG_INFO, "URL %s; Computer ID %s; resource share %.0f", diff --git a/client/client_types.cpp b/client/client_types.cpp index 356dbe64dd..0e5764e8c7 100644 --- a/client/client_types.cpp +++ b/client/client_types.cpp @@ -120,8 +120,8 @@ int parse_project_files(XML_PARSER& xp, vector& project_files) { } int APP::parse(XML_PARSER& xp) { - strcpy(name, ""); - strcpy(user_friendly_name, ""); + safe_strcpy(name, ""); + safe_strcpy(user_friendly_name, ""); project = NULL; non_cpu_intensive = false; while (!xp.get_tag()) { @@ -178,8 +178,8 @@ int APP::write(MIOFILE& out) { } FILE_INFO::FILE_INFO() { - strcpy(name, ""); - strcpy(md5_cksum, ""); + safe_strcpy(name, ""); + safe_strcpy(md5_cksum, ""); max_nbytes = 0; nbytes = 0; gzipped_nbytes = 0; @@ -203,8 +203,8 @@ FILE_INFO::FILE_INFO() { project = NULL; download_urls.clear(); upload_urls.clear(); - strcpy(xml_signature, ""); - strcpy(file_signature, ""); + safe_strcpy(xml_signature, ""); + safe_strcpy(file_signature, ""); cert_sigs = 0; async_verify = NULL; } @@ -538,9 +538,9 @@ int FILE_INFO::delete_file() { // files with download_gzipped set may exist // in temporary or compressed form // - strcat(path, ".gz"); + safe_strcat(path, ".gz"); delete_project_owned_file(path, true); - strcat(path, "t"); + safe_strcat(path, "t"); delete_project_owned_file(path, true); if (retval && status != FILE_NOT_PRESENT) { @@ -758,29 +758,29 @@ int FILE_INFO::gunzip(char* md5_buf) { } void APP_VERSION::init() { - strcpy(app_name, ""); + safe_strcpy(app_name, ""); version_num = 0; - strcpy(platform, ""); - strcpy(plan_class, ""); - strcpy(api_version, ""); + safe_strcpy(platform, ""); + safe_strcpy(plan_class, ""); + safe_strcpy(api_version, ""); avg_ncpus = 1; max_ncpus = 1; gpu_usage.rsc_type = 0; gpu_usage.usage = 0; gpu_ram = 0; flops = gstate.host_info.p_fpops; - strcpy(cmdline, ""); - strcpy(file_prefix, ""); + safe_strcpy(cmdline, ""); + safe_strcpy(file_prefix, ""); needs_network = false; app = NULL; project = NULL; ref_cnt = 0; - strcpy(graphics_exec_path,""); - strcpy(graphics_exec_file, ""); + safe_strcpy(graphics_exec_path,""); + safe_strcpy(graphics_exec_file, ""); max_working_set_size = 0; missing_coproc = false; missing_coproc_usage = 0.0; - strcpy(missing_coproc_name, ""); + safe_strcpy(missing_coproc_name, ""); dont_throttle = false; is_vm_app = false; is_wrapper = false; @@ -1035,8 +1035,8 @@ bool APP_VERSION::api_version_at_least(int major, int minor) { int FILE_REF::parse(XML_PARSER& xp) { bool temp; - strcpy(file_name, ""); - strcpy(open_name, ""); + safe_strcpy(file_name, ""); + safe_strcpy(open_name, ""); main_program = false; copy_file = false; optional = false; @@ -1086,8 +1086,8 @@ int WORKUNIT::parse(XML_PARSER& xp) { FILE_REF file_ref; double dtemp; - strcpy(name, ""); - strcpy(app_name, ""); + safe_strcpy(name, ""); + safe_strcpy(app_name, ""); version_num = 0; command_line = ""; //strcpy(env_vars, ""); diff --git a/client/cs_account.cpp b/client/cs_account.cpp index 4539c79c88..a75726de28 100644 --- a/client/cs_account.cpp +++ b/client/cs_account.cpp @@ -109,8 +109,8 @@ int PROJECT::parse_account(FILE* in) { XML_PARSER xp(&mf); mf.init_file(in); - strcpy(master_url, ""); - strcpy(authenticator, ""); + safe_strcpy(master_url, ""); + safe_strcpy(authenticator, ""); while (!xp.get_tag()) { if (xp.match_tag("account")) continue; if (xp.match_tag("project_preferences")) { diff --git a/client/cs_files.cpp b/client/cs_files.cpp index 76b6c01f7a..f8ce4e7f6a 100644 --- a/client/cs_files.cpp +++ b/client/cs_files.cpp @@ -32,6 +32,7 @@ #include "md5_file.h" #include "crypt.h" +#include "str_replace.h" #include "str_util.h" #include "filesys.h" #include "cert_sig.h" @@ -181,7 +182,7 @@ int FILE_INFO::verify_file( get_pathname(this, pathname, sizeof(pathname)); - strcpy(cksum, ""); + safe_strcpy(cksum, ""); // see if we need to unzip it // @@ -202,7 +203,7 @@ int FILE_INFO::verify_file( retval = gunzip(cksum); if (retval) return retval; } else { - strcat(gzpath, "t"); + safe_strcat(gzpath, "t"); if (!boinc_file_exists(gzpath)) { status = FILE_NOT_PRESENT; } diff --git a/client/cs_notice.cpp b/client/cs_notice.cpp index f95a258366..73ca3f189f 100644 --- a/client/cs_notice.cpp +++ b/client/cs_notice.cpp @@ -633,7 +633,7 @@ int RSS_FEED::read_archive_file() { // parse a feed descriptor (in scheduler reply or feed list file) // int RSS_FEED::parse_desc(XML_PARSER& xp) { - strcpy(url, ""); + safe_strcpy(url, ""); poll_interval = 0; next_poll_time = 0; while (!xp.get_tag()) { @@ -785,7 +785,7 @@ bool RSS_FEED_OP::poll() { ); } char url[1024]; - strcpy(url, rf.url); + safe_strcpy(url, rf.url); gstate.gui_http.do_rpc(this, url, filename, true); break; } diff --git a/client/cs_scheduler.cpp b/client/cs_scheduler.cpp index 5e334619f5..699ff9a35c 100644 --- a/client/cs_scheduler.cpp +++ b/client/cs_scheduler.cpp @@ -330,7 +330,7 @@ int CLIENT_STATE::make_scheduler_request(PROJECT* p) { rp = results[i]; double x = rp->estimated_runtime_remaining(); if (x == 0) continue; - strcpy(buf, ""); + safe_strcpy(buf, ""); int rt = rp->avp->gpu_usage.rsc_type; if (rt) { if (rt == rsc_index(GPU_TYPE_NVIDIA)) { @@ -575,7 +575,7 @@ int CLIENT_STATE::handle_scheduler_reply( if (work_fetch.requested_work()) { sprintf(buf, ": got %d new tasks", (int)sr.results.size()); } else { - strcpy(buf, ""); + safe_strcpy(buf, ""); } msg_printf(project, MSG_INFO, "Scheduler request completed%s", buf); } diff --git a/client/cs_trickle.cpp b/client/cs_trickle.cpp index 2a859661d4..8ed9722d5d 100644 --- a/client/cs_trickle.cpp +++ b/client/cs_trickle.cpp @@ -286,7 +286,7 @@ int TRICKLE_UP_OP::do_rpc(const char* msg) { int n = (int)strlen(msg)+1; if (n<65536) n = 65536; // make it big enough to handle the reply req_buf = (char*)malloc(n); - strcpy(req_buf, msg); + strlcpy(req_buf, msg, n); int retval = gui_http->do_rpc_post_str( this, const_cast(url.c_str()), req_buf, n ); diff --git a/client/file_names.cpp b/client/file_names.cpp index 37deafd77a..765716e7ec 100644 --- a/client/file_names.cpp +++ b/client/file_names.cpp @@ -82,7 +82,7 @@ void get_pathname(FILE_INFO* fip, char* path, int len) { strcpy(buf, p->project_dir()); } #else - strcpy(buf, p->project_dir()); + safe_strcpy(buf, p->project_dir()); #endif snprintf(path, len, "%s/%s", buf, fip->name); } else { @@ -227,7 +227,7 @@ void delete_old_slot_dirs() { dirp = dir_open(SLOTS_DIR); if (!dirp) return; while (1) { - strcpy(filename, ""); + safe_strcpy(filename, ""); retval = dir_scan(filename, dirp, sizeof(filename)); if (retval) break; snprintf(path, sizeof(path), "%s/%s", SLOTS_DIR, filename); diff --git a/client/file_xfer.cpp b/client/file_xfer.cpp index 36017a5383..39935ae9cc 100644 --- a/client/file_xfer.cpp +++ b/client/file_xfer.cpp @@ -24,6 +24,7 @@ #endif #include "error_numbers.h" +#include "str_replace.h" #include "file_names.h" #include "filesys.h" #include "parse.h" @@ -40,8 +41,8 @@ FILE_XFER::FILE_XFER() { file_xfer_done = false; file_xfer_retval = 0; fip = NULL; - strcpy(pathname, ""); - strcpy(header, ""); + safe_strcpy(pathname, ""); + safe_strcpy(header, ""); file_size_query = false; is_upload = false; starting_size = 0.0; @@ -58,7 +59,7 @@ int FILE_XFER::init_download(FILE_INFO& file_info) { fip = &file_info; get_pathname(fip, pathname, sizeof(pathname)); if (fip->download_gzipped) { - strcat(pathname, ".gzt"); + safe_strcat(pathname, ".gzt"); } // if file is already as large or larger than it's supposed to be, diff --git a/client/gui_rpc_server.cpp b/client/gui_rpc_server.cpp index ba9740c4ff..96e21a935b 100644 --- a/client/gui_rpc_server.cpp +++ b/client/gui_rpc_server.cpp @@ -78,9 +78,9 @@ GUI_RPC_CONN::GUI_RPC_CONN(int s) : { sock = s; mfout.init_mfile(&mout); - strcpy(request_msg,""); + safe_strcpy(request_msg,""); request_nbytes = 0; - strcpy(nonce,""); + safe_strcpy(nonce,""); auth_needed = false; got_auth1 = false; got_auth2 = false; @@ -101,7 +101,7 @@ GUI_RPC_CONN_SET::GUI_RPC_CONN_SET() { remote_hosts_file_exists = false; lsock = -1; time_of_last_rpc_needing_network = 0; - strcpy(password,""); + safe_strcpy(password,""); } bool GUI_RPC_CONN_SET::poll() { @@ -125,7 +125,7 @@ bool GUI_RPC_CONN_SET::recent_rpc_needs_network(double interval) { void GUI_RPC_CONN_SET::get_password() { int retval; - strcpy(password, ""); + safe_strcpy(password, ""); FILE* f = fopen(GUI_RPC_PASSWD_FILE, "r"); if (f) { if (fgets(password, 256, f)) { diff --git a/client/gui_rpc_server_ops.cpp b/client/gui_rpc_server_ops.cpp index f20aee2dc8..8dac1b7813 100644 --- a/client/gui_rpc_server_ops.cpp +++ b/client/gui_rpc_server_ops.cpp @@ -549,7 +549,7 @@ static void handle_result_op(GUI_RPC_CONN& grc, const char* op) { ACTIVE_TASK* atp; string project_url; - strcpy(result_name, ""); + safe_strcpy(result_name, ""); while (!grc.xp.get_tag()) { if (grc.xp.parse_str("name", result_name, sizeof(result_name))) continue; if (grc.xp.parse_string("project_url", project_url)) continue; @@ -1224,7 +1224,7 @@ static void handle_report_device_status(GUI_RPC_CONN& grc) { // if (strlen(d.device_name)) { if (strcmp(d.device_name, gstate.host_info.domain_name)) { - strcpy(gstate.host_info.domain_name, d.device_name); + safe_strcpy(gstate.host_info.domain_name, d.device_name); gstate.set_client_state_dirty("Device name changed"); } } @@ -1280,7 +1280,7 @@ struct GUI_RPC { GUI_RPC(const char* req, GUI_RPC_HANDLER h, bool ar, bool en, bool ro) { req_tag = req; safe_strcpy(alt_req_tag, req); - strcat(alt_req_tag, "/"); + safe_strcat(alt_req_tag, "/"); handler = h; auth_required = ar; enable_network = en;