From 44daf808737f85ff462905269c7a1e66d52e2fff Mon Sep 17 00:00:00 2001
From: Timo Teräs <timo.teras@iki.fi>
Date: Wed, 13 Feb 2019 15:44:03 +0200
Subject: fix strncpy bounds errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]

Based on patch by Elan Ruusamäe <glen@delfi.ee>
---
 src/apk_blob.h |  4 ++++
 src/archive.c  |  6 +++---
 src/blob.c     | 13 +++++++++++++
 src/database.c |  5 ++++-
 4 files changed, 24 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/apk_blob.h b/src/apk_blob.h
index 4fdd3be..c14980d 100644
--- a/src/apk_blob.h
+++ b/src/apk_blob.h
@@ -133,4 +133,8 @@ void apk_atom_init(void);
 apk_blob_t *apk_blob_atomize(apk_blob_t blob);
 apk_blob_t *apk_blob_atomize_dup(apk_blob_t blob);
 
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
+extern size_t strlcpy(char *dest, const char *src, size_t size);
+#endif
+
 #endif
diff --git a/src/archive.c b/src/archive.c
index 1745056..724410c 100644
--- a/src/archive.c
+++ b/src/archive.c
@@ -387,10 +387,10 @@ int apk_tar_write_entry(struct apk_ostream *os, const struct apk_file_info *ae,
 			return -1;
 
 		if (ae->name != NULL)
-			strncpy(buf.name, ae->name, sizeof(buf.name));
+			strlcpy(buf.name, ae->name, sizeof buf.name);
 
-		strncpy(buf.uname, ae->uname ?: "root", sizeof(buf.uname));
-		strncpy(buf.gname, ae->gname ?: "root", sizeof(buf.gname));
+		strlcpy(buf.uname, ae->uname ?: "root", sizeof buf.uname);
+		strlcpy(buf.gname, ae->gname ?: "root", sizeof buf.gname);
 
 		PUT_OCTAL(buf.size, ae->size);
 		PUT_OCTAL(buf.uid, ae->uid);
diff --git a/src/blob.c b/src/blob.c
index 4bedfbc..7c5bc95 100644
--- a/src/blob.c
+++ b/src/blob.c
@@ -717,3 +717,16 @@ apk_blob_t *apk_blob_atomize_dup(apk_blob_t blob)
 
 	return &atom->blob;
 }
+
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
+size_t strlcpy(char *dst, const char *src, size_t size)
+{
+	size_t ret = strlen(src), len;
+	if (!size) return ret;
+	len = ret;
+	if (len >= size) len = size - 1;
+	memcpy(dest, src, len);
+	dst[len] = 0;
+	return ret;
+}
+#endif
diff --git a/src/database.c b/src/database.c
index 8e58785..5bffb43 100644
--- a/src/database.c
+++ b/src/database.c
@@ -2787,7 +2787,10 @@ static int apk_db_unpack_pkg(struct apk_database *db,
 		if (!(pkg->repos & db->local_repos))
 			need_copy = TRUE;
 	} else {
-		strncpy(file, pkg->filename, sizeof(file));
+		if (strlcpy(file, pkg->filename, sizeof file) >= sizeof file) {
+			r = -ENAMETOOLONG;
+			goto err_msg;
+		}
 		need_copy = TRUE;
 	}
 	if (!apk_db_cache_active(db))
-- 
cgit v1.2.3-60-g2f50