Merge pull request #2752 from signalwire/xml

[xmlrpc-c] Coverity 1500253, 1024634, 1024635, 1227693 fixes.
signalwire · Jan 30, 2025 · 73eb856 · 73eb856
2 parents 75566bc + 09debb3
commit 73eb856
Showing 1 changed file with 19 additions and 23 deletions.
diff --git a/libs/xmlrpc-c/lib/abyss/src/handler.c b/libs/xmlrpc-c/lib/abyss/src/handler.c
@@ -247,7 +247,7 @@ sendDirectoryDocument(TList *      const listP,
     uint32_t k;
 
     if (text) {
-        sprintf(z, "Index of %s" CRLF, uri);
+        snprintf(z, sizeof(z), "Index of %s" CRLF, uri);
         i = strlen(z)-2;
         p = z + i + 2;
 
@@ -257,17 +257,17 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         *p = '\0';
-        strcat(z, CRLF CRLF
+        strncat(z, CRLF CRLF
                "Name                      Size      "
                "Date-Time             Type" CRLF
                "------------------------------------"
-               "--------------------------------------------"CRLF);
+               "--------------------------------------------"CRLF, sizeof(z) - strlen(z) - 1);
     } else {
-        sprintf(z, "<HTML><HEAD><TITLE>Index of %s</TITLE></HEAD><BODY>"
+        snprintf(z, sizeof(z), "<HTML><HEAD><TITLE>Index of %s</TITLE></HEAD><BODY>"
                 "<H1>Index of %s</H1><PRE>",
                 uri, uri);
-        strcat(z, "Name                      Size      "
-               "Date-Time             Type<HR WIDTH=100%>"CRLF);
+        strncat(z, "Name                      Size      "
+               "Date-Time             Type<HR WIDTH=100%>"CRLF, sizeof(z) - strlen(z) - 1);
     }
 
     HTTPWriteBodyChunk(sessionP, z, strlen(z));
@@ -293,7 +293,7 @@ sendDirectoryDocument(TList *      const listP,
         else
             --i;
 
-        strcpy(z, fi->name);
+        snprintf(z, sizeof(z), "%s", fi->name);
 
         k = strlen(z);
 
@@ -303,14 +303,11 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         if (k > 24) {
-            z[10] = '\0';
-            strcpy(z1, z);
-            strcat(z1, "...");
-            strcat(z1, z + k - 11);
+            snprintf(z1, sizeof(z1), "%.10s...%s", z, z + k - 11);
             k = 24;
             p = z1 + 24;
         } else {
-            strcpy(z1, z);
+            snprintf(z1, sizeof(z1), "%s", z);
 
             ++k;
             p = z1 + k;
@@ -321,11 +318,11 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         xmlrpc_gmtime(fi->time_write, &ftm);
-        sprintf(z2, "%02u/%02u/%04u %02u:%02u:%02u",ftm.tm_mday,ftm.tm_mon+1,
+        snprintf(z2, sizeof(z2), "%02u/%02u/%04u %02u:%02u:%02u",ftm.tm_mday,ftm.tm_mon+1,
                 ftm.tm_year+1900,ftm.tm_hour,ftm.tm_min,ftm.tm_sec);
 
         if (fi->attrib & A_SUBDIR) {
-            strcpy(z3, "   --  ");
+            snprintf(z3, sizeof(z3), "   --  ");
             z4 = "Directory";
         } else {
             if (fi->size < 9999)
@@ -343,7 +340,7 @@ sendDirectoryDocument(TList *      const listP,
                 }
             }
 
-            sprintf(z3, "%5" PRIu64 " %c", fi->size, u);
+            snprintf(z3, sizeof(z3), "%5" PRIu64 " %c", fi->size, u);
 
             if (xmlrpc_streq(fi->name, ".."))
                 z4 = "";
@@ -355,9 +352,9 @@ sendDirectoryDocument(TList *      const listP,
         }
 
         if (text)
-            sprintf(z, "%s%s %s    %s   %s"CRLF, z1, p, z3, z2, z4);
+            snprintf(z, sizeof(z), "%s%s %s    %s   %s"CRLF, z1, p, z3, z2, z4);
         else
-            sprintf(z, "<A HREF=\"%s%s\">%s</A>%s %s    %s   %s"CRLF,
+            snprintf(z, sizeof(z), "<A HREF=\"%s%s\">%s</A>%s %s    %s   %s"CRLF,
                     fi->name, fi->attrib & A_SUBDIR ? "/" : "",
                     z1, p, z3, z2, z4);
 
@@ -366,9 +363,9 @@ sendDirectoryDocument(TList *      const listP,
 
     /* Write the tail of the file */
     if (text)
-        strcpy(z, SERVER_PLAIN_INFO);
+        snprintf(z, sizeof(z), "%s", SERVER_PLAIN_INFO);
     else
-        strcpy(z, "</PRE>" SERVER_HTML_INFO "</BODY></HTML>" CRLF CRLF);
+        snprintf(z, sizeof(z), "%s", "</PRE>" SERVER_HTML_INFO "</BODY></HTML>" CRLF CRLF);
 
     HTTPWriteBodyChunk(sessionP, z, strlen(z));
 }
@@ -689,8 +686,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
         return TRUE;
     }
 
-    strcpy(z, handlerP->filesPath);
-    strcat(z, sessionP->requestInfo.uri);
+    snprintf(z, sizeof(z), "%s%s", handlerP->filesPath, sessionP->requestInfo.uri);
 
     p = z + strlen(z) - 1;
     if (*p == '/') {
@@ -710,7 +706,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
         ** to avoid problems with some browsers (IE for examples) when
         ** they generate relative urls */
         if (!endingslash) {
-            strcpy(z, sessionP->requestInfo.uri);
+            snprintf(z, sizeof(z), "%s", sessionP->requestInfo.uri);
             p = z+strlen(z);
             *p = '/';
             *(p+1) = '\0';
@@ -727,7 +723,7 @@ HandlerDefaultBuiltin(TSession * const sessionP) {
             i = handlerP->defaultFileNames.size;
             while (i-- > 0) {
                 *p = '\0';        
-                strcat(z, (handlerP->defaultFileNames.item[i]));
+                strncat(z, handlerP->defaultFileNames.item[i], sizeof(z) - strlen(z) - 1);
                 if (FileStat(z, &fs)) {
                     if (!(fs.st_mode & S_IFDIR))
                         handleFile(sessionP, z, fs.st_mtime,