| -rw-r--r-- | ext/ereg/regex/regerror.c | 11 | ||||
| -rw-r--r-- | ext/ereg/regex/regerror.ih | 2 | ||||
| -rw-r--r-- | ext/standard/crypt.c | 4 | ||||
| -rw-r--r-- | ext/standard/http_fopen_wrapper.c | 4 | ||||
| -rw-r--r-- | ext/standard/proc_open.c | 4 | ||||
| -rw-r--r-- | ext/standard/user_filters.c | 2 | ||||
| -rw-r--r-- | ext/xml/xml.c | 4 | ||||
| -rw-r--r-- | main/fopen_wrappers.c | 5 | ||||
| -rw-r--r-- | main/streams/filter.c | 2 | 
9 files changed, 20 insertions, 18 deletions
diff --git a/ext/ereg/regex/regerror.c b/ext/ereg/regex/regerror.c
index f8c3ca3538..05737a462c 100644
--- a/ext/ereg/regex/regerror.c
+++ b/ext/ereg/regex/regerror.c
@@ -74,7 +74,7 @@ size_t errbuf_size)
 	char convbuf[50];
 	if (errcode == REG_ATOI)
-		s = regatoi(preg, convbuf);
+		s = regatoi(preg, convbuf, sizeof(convbuf));
 	else {
 		for (r = rerrs; r->code >= 0; r++)
 			if (r->code == target)
@@ -84,7 +84,7 @@ size_t errbuf_size)
 			if (r->code >= 0)
 				(void) strncpy(convbuf, r->name, 50);
 			else
-				sprintf(convbuf, "REG_0x%x", target);
+				snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
 			assert(strlen(convbuf) < sizeof(convbuf));
 			s = convbuf;
 		} else
@@ -106,12 +106,13 @@ size_t errbuf_size)
 /*
  - regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
  */
 static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
 const regex_t *preg;
 char *localbuf;
+int bufsize;
 {
 	register const struct rerr *r;
@@ -121,6 +122,6 @@ char *localbuf;
 	if (r->code < 0)
 		return("0");
-	sprintf(localbuf, "%d", r->code);
+	snprintf(localbuf, bufsize, "%d", r->code);
 	return(localbuf);
 }
diff --git a/ext/ereg/regex/regerror.ih b/ext/ereg/regex/regerror.ih
index 2cb668c24f..5ff158e57d 100644
--- a/ext/ereg/regex/regerror.ih
+++ b/ext/ereg/regex/regerror.ih
@@ -4,7 +4,7 @@ extern "C" {
 #endif
 /* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
 #ifdef __cplusplus
 }
diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index 181a4d4931..46dbc78b9d 100644
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
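Review bot: In the @@ -84 hunk of regerror.c the context line `(void) strncpy(convbuf, r->name, 50);` is left unchanged, and strncpy does not NUL-terminate convbuf when the name is 50 bytes or longer. The `assert(strlen(convbuf) < sizeof(convbuf))` that follows would then read past the array, and it is compiled out under NDEBUG anyway. Since the sprintf next to it became snprintf, the same form fits here: `snprintf(convbuf, sizeof(convbuf), "%s", r->name);`. The rerrs table is outside the hunk, so whether any name can actually reach that length is unconfirmed.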
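Review bot: The new `bufsize` parameter of regatoi (@@ -106 and @@ -121 hunks) is declared `int`, while the caller passes `sizeof(convbuf)` and snprintf expects a size_t, so the bound is converted size_t to int and back; a negative value would turn into a very large limit. Declaring it `size_t bufsize;` in the K&R parameter list, in the `==` prototype comment and in regerror.ih keeps the types consistent. The body of regatoi between the two hunks is not shown.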
@@ -170,10 +170,10 @@ PHP_FUNCTION(crypt)
 	/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
 	if (!*salt) {
 #if PHP_MD5_CRYPT
-		strcpy(salt, "$1$");
+		strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
 		php_to64(&salt[3], PHP_CRYPT_RAND, 4);
 		php_to64(&salt[7], PHP_CRYPT_RAND, 4);
-		strcpy(&salt[11], "$");
+		strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
 #elif PHP_STD_DES_CRYPT
 		php_to64(&salt[0], PHP_CRYPT_RAND, 2);
 		salt[2] = '\0';
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 8769a3d296..a7a708b1b2 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -330,7 +330,7 @@ finish:
 				scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
 				scratch = emalloc(scratch_len);
 				strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
-				strcat(scratch, " ");
+				strncat(scratch, " ", 1);
 			}
 		}
 	}
@@ -344,7 +344,7 @@ finish:
 	if (!scratch) {
 		scratch_len = strlen(path) + 29 + protocol_version_len;
 		scratch = emalloc(scratch_len);
-		strcpy(scratch, "GET ");
+		strncpy(scratch, "GET ", scratch_len);
 	}
 	/* Should we send the entire path in the request line, default to no. */
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 13b3855527..7bb003207f 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -183,8 +183,8 @@ static php_process_env_t _php_array_to_envp(zval *environment, int is_persistent
 				l = string_length + el_len + 1;
 				memcpy(p, string_key, string_length);
-				strcat(p, "=");
-				strcat(p, data);
+				strncat(p, "=", 1);
+				strncat(p, data, el_len);
 #ifndef PHP_WIN32
 				*ep = p;
diff --git a/ext/standard/user_filters.c b/ext/standard/user_filters.c
index 679f3e6bb6..76668c1497 100644
--- a/ext/standard/user_filters.c
+++ b/ext/standard/user_filters.c
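Review bot: Both strncpy bounds in the PHP_MD5_CRYPT branch of crypt.c come from PHP_MAX_SALT_LEN rather than from the size of `salt` itself, so they are only correct if the buffer, declared outside this hunk, holds at least PHP_MAX_SALT_LEN bytes. strncpy pads with NULs up to the count, so `strncpy(salt, "$1$", PHP_MAX_SALT_LEN)` writes that many bytes, not four. If salt is an array, `strlcpy(salt, "$1$", sizeof(salt));` ties the limit to the declaration and matches the strlcpy already used in http_fopen_wrapper.c.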
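Review bot: `strncat(scratch, " ", 1)` in the @@ -330 hunk of http_fopen_wrapper.c limits the copy to the length of the source literal, not to the space left in scratch, so it behaves exactly like the strcat it replaces and adds no overflow protection. strncat's third argument is the maximum number of source bytes to append; a destination bound has to come from the buffer size, for example `strlcat(scratch, " ", scratch_len);`. The same pattern is in proc_open.c (`strncat(p, "=", 1);` and `strncat(p, data, el_len);`), in user_filters.c (`strncat(wildcard, ".*", 2);`) and in main/streams/filter.c (`strncat(wildname, ".*", 2);`). The allocated size of p, wildcard and wildname is set outside those hunks, so the correct bound for each has to be taken from the allocation site.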
@@ -311,7 +311,7 @@ static php_stream_filter *user_filter_factory_create(const char *filtername,
 			period = wildcard + (period - filtername);
 			while (period) {
 				*period = '\0';
-				strcat(wildcard, ".*");
+				strncat(wildcard, ".*", 2);
 				if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
 					period = NULL;
 				} else {
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index af9e9c9b8e..85b4fbf203 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -1050,7 +1050,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 					if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 						int newlen = Z_STRLEN_PP(myval) + decoded_len;
 						Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-						strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+						strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 						Z_STRLEN_PP(myval) += decoded_len;
 						efree(decoded_value);
 					} else {
@@ -1070,7 +1070,7 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 								if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
 									int newlen = Z_STRLEN_PP(myval) + decoded_len;
 									Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
-									strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+									strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
 									Z_STRLEN_PP(myval) += decoded_len;
 									efree(decoded_value);
 									return;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 5d57886e67..07441abd82 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
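Review bot: In the @@ -1050 hunk of xml.c the bound `decoded_len + 1` is taken from the source length, the same quantity the erealloc above was sized from, so strncpy cannot catch a size mismatch any better than strcpy did. With the length already known, `memcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);` states the intent and keeps data after an embedded NUL, which strncpy would replace with padding while Z_STRLEN_PP is still advanced by decoded_len; this assumes decoded_value is NUL-terminated at decoded_len, which is set outside the hunk. `int newlen = Z_STRLEN_PP(myval) + decoded_len;` is also unchecked for signed overflow before it reaches erealloc. The @@ -1070 hunk contains the identical lines and needs the same change.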
@@ -463,7 +463,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 #endif
 	if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
 		IS_ABSOLUTE_PATH(PG(doc_root), length)) {
-		filename = emalloc(length + strlen(path_info) + 2);
+		int path_len = strlen(path_info);
+		filename = emalloc(length + path_len + 2);
 		if (filename) {
 			memcpy(filename, PG(doc_root), length);
 			if (!IS_SLASH(filename[length - 1])) {	/* length is never 0 */
@@ -472,7 +473,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 			if (IS_SLASH(path_info[0])) {
 				length--;
 			}
-			strcpy(filename + length, path_info);
+			strncpy(filename + length, path_len + 1);
 		}
 	} else {
 		filename = SG(request_info).path_translated;
diff --git a/main/streams/filter.c b/main/streams/filter.c
index 623c66f96d..99293259e7 100644
--- a/main/streams/filter.c
+++ b/main/streams/filter.c
@@ -270,7 +270,7 @@ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, zval
 		period = wildname + (period - filtername);
 		while (period && !filter) {
 			*period = '\0';
-			strcat(wildname, ".*");
+			strncat(wildname, ".*", 2);
 			if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
 				filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
 			}  | 
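Review bot: The replacement call `strncpy(filename + length, path_len + 1);` in the @@ -472 hunk of main/fopen_wrappers.c has lost its source argument: it passes two arguments, with the integer `path_len + 1` where the source pointer belongs and no count at all. With a prototype in scope this fails to compile, and without one the copy would read from an invalid address. The line should be `strncpy(filename + length, path_info, path_len + 1);`, or `memcpy` with the same three arguments since the length is already known. In the @@ -463 hunk `int path_len = strlen(path_info);` narrows a size_t to int before it is used in the emalloc size; `size_t path_len` avoids that. The function continues outside both hunks.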
