Convert most strlcpy() calls to use destination bound from sizeof()
authorMichael Rash <mbr@cipherdyne.org>
Sat, 27 Apr 2013 18:59:30 +0000 (14:59 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 27 Apr 2013 19:08:11 +0000 (15:08 -0400)
This commit helps to ensure correctness of strlcpy() calls in support of fixing
issue #2.

client/config_init.c
client/fwknop.c
client/http_resolve_host.c
client/spa_comm.c
server/config_init.c
server/fw_util_ipf.c
server/fw_util_ipfw.c
server/fw_util_iptables.c
server/fw_util_pf.c
server/fwknopd.c

index e64e9bb..eb71e4b 100644 (file)
@@ -166,7 +166,7 @@ is_rc_section(const char* line, uint16_t line_size, char* rc_section, uint16_t r
     if (line_size < sizeof(buf))
     {
         memset (buf, 0, sizeof(buf));
-        strlcpy(buf, line, line_size);
+        strlcpy(buf, line, sizeof(buf));
 
         ndx = buf;
 
@@ -583,11 +583,11 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
         /* use source, resolve, or an actual IP
         */
         if(strcasecmp(val, "source") == 0)
-            strlcpy(options->allow_ip_str, "0.0.0.0", 8);
+            strlcpy(options->allow_ip_str, "0.0.0.0", sizeof(options->allow_ip_str));
         else if(strcasecmp(val, "resolve") == 0)
             options->resolve_ip_http = 1;
         else /* Assume IP address */
-            strlcpy(options->allow_ip_str, val, MAX_IPV4_STR_LEN);
+            strlcpy(options->allow_ip_str, val, sizeof(options->allow_ip_str));
     }
     /* Time Offset */
     else if(CONF_VAR_IS(var, "TIME_OFFSET"))
@@ -624,37 +624,37 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
     /* GPG Recipient */
     else if(CONF_VAR_IS(var, "GPG_RECIPIENT"))
     {
-        strlcpy(options->gpg_recipient_key, val, MAX_GPG_KEY_ID);
+        strlcpy(options->gpg_recipient_key, val, sizeof(options->gpg_recipient_key));
     }
     /* GPG Signer */
     else if(CONF_VAR_IS(var, "GPG_SIGNER"))
     {
-        strlcpy(options->gpg_signer_key, val, MAX_GPG_KEY_ID);
+        strlcpy(options->gpg_signer_key, val, sizeof(options->gpg_signer_key));
     }
     /* GPG Homedir */
     else if(CONF_VAR_IS(var, "GPG_HOMEDIR"))
     {
-        strlcpy(options->gpg_home_dir, val, MAX_PATH_LEN);
+        strlcpy(options->gpg_home_dir, val, sizeof(options->gpg_home_dir));
     }
     /* Spoof User */
     else if(CONF_VAR_IS(var, "SPOOF_USER"))
     {
-        strlcpy(options->spoof_user, val, MAX_USERNAME_LEN);
+        strlcpy(options->spoof_user, val, sizeof(options->spoof_user));
     }
     /* Spoof Source IP */
     else if(CONF_VAR_IS(var, "SPOOF_SOURCE_IP"))
     {
-        strlcpy(options->spoof_ip_src_str, val, MAX_IPV4_STR_LEN);
+        strlcpy(options->spoof_ip_src_str, val, sizeof(options->spoof_ip_src_str));
     }
     /* ACCESS request */
     else if(CONF_VAR_IS(var, "ACCESS"))
     {
-        strlcpy(options->access_str, val, MAX_LINE_LEN);
+        strlcpy(options->access_str, val, sizeof(options->access_str));
     }
     /* SPA Server (destination) */
     else if(CONF_VAR_IS(var, "SPA_SERVER"))
     {
-        strlcpy(options->spa_server_str, val, MAX_SERVER_STR_LEN);
+        strlcpy(options->spa_server_str, val, sizeof(options->spa_server_str));
     }
     /* Rand port ? */
     else if(CONF_VAR_IS(var, "RAND_PORT"))
@@ -665,7 +665,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
     /* Rijndael key */
     else if(CONF_VAR_IS(var, "KEY"))
     {
-        strlcpy(options->key, val, MAX_KEY_LEN);
+        strlcpy(options->key, val, sizeof(options->key));
         options->have_key = 1;
     }
     /* Rijndael key (base-64 encoded) */
@@ -678,7 +678,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
                 val);
             return(-1);
         }
-        strlcpy(options->key_base64, val, MAX_B64_KEY_LEN);
+        strlcpy(options->key_base64, val, sizeof(options->key_base64));
         options->have_base64_key = 1;
     }
     /* HMAC digest type */
@@ -707,31 +707,31 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
                 val);
             return(-1);
         }
-        strlcpy(options->hmac_key_base64, val, MAX_B64_KEY_LEN);
+        strlcpy(options->hmac_key_base64, val, sizeof(options->hmac_key_base64));
         options->have_hmac_base64_key = 1;
     }
 
     /* HMAC key */
     else if(CONF_VAR_IS(var, "HMAC_KEY"))
     {
-        strlcpy(options->hmac_key, val, MAX_KEY_LEN);
+        strlcpy(options->hmac_key, val, sizeof(options->hmac_key));
         options->have_hmac_key = 1;
     }
 
     /* Key file */
     else if(CONF_VAR_IS(var, "KEY_FILE"))
     {
-        strlcpy(options->get_key_file, val, MAX_PATH_LEN);
+        strlcpy(options->get_key_file, val, sizeof(options->get_key_file));
     }
     /* NAT Access Request */
     else if(CONF_VAR_IS(var, "NAT_ACCESS"))
     {
-        strlcpy(options->nat_access_str, val, MAX_PATH_LEN);
+        strlcpy(options->nat_access_str, val, sizeof(options->nat_access_str));
     }
     /* HTTP User Agent */
     else if(CONF_VAR_IS(var, "HTTP_USER_AGENT"))
     {
-        strlcpy(options->http_user_agent, val, HTTP_MAX_USER_AGENT_LEN);
+        strlcpy(options->http_user_agent, val, sizeof(options->http_user_agent));
     }
     /* Resolve URL */
     else if(CONF_VAR_IS(var, "RESOLVE_URL"))
@@ -1040,8 +1040,8 @@ update_rc(fko_cli_options_t *options, uint32_t args_bitmask)
 
     set_rc_file(rcfile, options);
 
-    strlcpy(rcfile_update, rcfile, MAX_PATH_LEN);
-    strlcat(rcfile_update, ".updated", MAX_PATH_LEN);
+    strlcpy(rcfile_update, rcfile, sizeof(rcfile_update));
+    strlcat(rcfile_update, ".updated", sizeof(rcfile_update));
 
     /* Create a new temporary rc file */
     rcfile_fd = open(rcfile_update, FWKNOPRC_OFLAGS, FWKNOPRC_MODE);
@@ -1274,16 +1274,16 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 exit(EXIT_SUCCESS);
             case 'n':
                 options->no_save_args = 1;
-                strlcpy(options->use_rc_stanza, optarg, MAX_LINE_LEN);
+                strlcpy(options->use_rc_stanza, optarg, sizeof(options->use_rc_stanza));
                 break;
             case SAVE_RC_STANZA:
                 options->save_rc_stanza = 1;
                 break;
             case 'E':
-                strlcpy(options->args_save_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->args_save_file, optarg, sizeof(options->args_save_file));
                 break;
             case RC_FILE_PATH:
-                strlcpy(options->rc_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->rc_file, optarg, sizeof(options->rc_file));
                 break;
             case 'v':
                 options->verbose++;
@@ -1308,28 +1308,28 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
 
         switch(cmd_arg) {
             case 'a':
-                strlcpy(options->allow_ip_str, optarg, MAX_IPV4_STR_LEN);
+                strlcpy(options->allow_ip_str, optarg, sizeof(options->allow_ip_str));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_ALLOW_IP);
                 break;
             case 'A':
-                strlcpy(options->access_str, optarg, MAX_LINE_LEN);
+                strlcpy(options->access_str, optarg, sizeof(options->access_str));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_ACCESS);
                 break;
             case 'b':
                 options->save_packet_file_append = 1;
                 break;
             case 'B':
-                strlcpy(options->save_packet_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->save_packet_file, optarg, sizeof(options->save_packet_file));
                 break;
             case 'C':
-                strlcpy(options->server_command, optarg, MAX_LINE_LEN);
+                strlcpy(options->server_command, optarg, sizeof(options->server_command));
                 break;
             case 'D':
-                strlcpy(options->spa_server_str, optarg, MAX_SERVER_STR_LEN);
+                strlcpy(options->spa_server_str, optarg, sizeof(options->spa_server_str));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_SPA_SERVER);
                 break;
             case 'E':
-                strlcpy(options->args_save_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->args_save_file, optarg, sizeof(options->args_save_file));
                 break;
             case 'f':
                 options->fw_timeout = strtol_wrapper(optarg, 0,
@@ -1348,7 +1348,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_USE_GPG);
                 break;
             case 'G':
-                strlcpy(options->get_key_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->get_key_file, optarg, sizeof(options->get_key_file));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_FILE);
                 break;
             case 'h':
@@ -1356,17 +1356,17 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 exit(EXIT_SUCCESS);
             case 'H':
                 options->spa_proto = FKO_PROTO_HTTP;
-                strlcpy(options->http_proxy, optarg, MAX_PATH_LEN);
+                strlcpy(options->http_proxy, optarg, sizeof(options->http_proxy));
                 break;
             case 'k':
                 options->key_gen = 1;
                 break;
             case 'K':
                 options->key_gen = 1;
-                strlcpy(options->key_gen_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->key_gen_file, optarg, sizeof(options->key_gen_file));
                 break;
             case KEY_RIJNDAEL:
-                strlcpy(options->key, optarg, MAX_KEY_LEN);
+                strlcpy(options->key, optarg, sizeof(options->key));
                 options->have_key = 1;
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_RIJNDAEL);
                 break;
@@ -1378,7 +1378,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                         optarg);
                     exit(EXIT_FAILURE);
                 }
-                strlcpy(options->key_base64, optarg, MAX_KEY_LEN);
+                strlcpy(options->key_base64, optarg, sizeof(options->key_base64));
                 options->have_base64_key = 1;
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_RIJNDAEL_BASE64);
                 break;
@@ -1390,13 +1390,13 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                         optarg);
                     exit(EXIT_FAILURE);
                 }
-                strlcpy(options->hmac_key_base64, optarg, MAX_KEY_LEN);
+                strlcpy(options->hmac_key_base64, optarg, sizeof(options->hmac_key_base64));
                 options->have_hmac_base64_key = 1;
                 options->use_hmac = 1;
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_HMAC_BASE64);
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_USE_HMAC);
             case KEY_HMAC:
-                strlcpy(options->hmac_key, optarg, MAX_KEY_LEN);
+                strlcpy(options->hmac_key, optarg, sizeof(options->hmac_key));
                 options->have_hmac_key = 1;
                 options->use_hmac = 1;
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_HMAC);
@@ -1488,7 +1488,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 */
                 break;
             case 'N':
-                strlcpy(options->nat_access_str, optarg, MAX_LINE_LEN);
+                strlcpy(options->nat_access_str, optarg, sizeof(options->nat_access_str));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_NAT_ACCESS);
                 break;
             case 'p':
@@ -1505,11 +1505,11 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_SPA_SERVER_PROTO);
                 break;
             case 'Q':
-                strlcpy(options->spoof_ip_src_str, optarg, MAX_IPV4_STR_LEN);
+                strlcpy(options->spoof_ip_src_str, optarg, sizeof(options->spoof_ip_src_str));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_SPOOF_SOURCE_IP);
                 break;
             case RC_FILE_PATH:
-                strlcpy(options->rc_file, optarg, MAX_PATH_LEN);
+                strlcpy(options->rc_file, optarg, sizeof(options->rc_file));
                 break;
             case 'r':
                 options->rand_port = 1;
@@ -1534,7 +1534,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 options->show_last_command = 1;
                 break;
             case 's':
-                strlcpy(options->allow_ip_str, "0.0.0.0", MAX_IPV4_STR_LEN);
+                strlcpy(options->allow_ip_str, "0.0.0.0", sizeof(options->allow_ip_str));
                 break;
             case 'S':
                 options->spa_src_port = strtol_wrapper(optarg, 0,
@@ -1549,11 +1549,11 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 options->test = 1;
                 break;
             case 'u':
-                strlcpy(options->http_user_agent, optarg, HTTP_MAX_USER_AGENT_LEN);
+                strlcpy(options->http_user_agent, optarg, sizeof(options->http_user_agent));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_HTTP_USER_AGENT);
                 break;
             case 'U':
-                strlcpy(options->spoof_user, optarg, MAX_USERNAME_LEN);
+                strlcpy(options->spoof_user, optarg, sizeof(options->spoof_user));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_SPOOF_USER);
                 break;
             case 'v':
@@ -1565,19 +1565,19 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 break;
             case GPG_RECIP_KEY:
                 options->use_gpg = 1;
-                strlcpy(options->gpg_recipient_key, optarg, MAX_GPG_KEY_ID);
+                strlcpy(options->gpg_recipient_key, optarg, sizeof(options->gpg_recipient_key));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_USE_GPG);
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_GPG_RECIPIENT);
                 break;
             case GPG_SIGNER_KEY:
                 options->use_gpg = 1;
-                strlcpy(options->gpg_signer_key, optarg, MAX_GPG_KEY_ID);
+                strlcpy(options->gpg_signer_key, optarg, sizeof(options->gpg_signer_key));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_USE_GPG);
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_GPG_SIGNER);
                 break;
             case GPG_HOME_DIR:
                 options->use_gpg = 1;
-                strlcpy(options->gpg_home_dir, optarg, MAX_PATH_LEN);
+                strlcpy(options->gpg_home_dir, optarg, sizeof(options->gpg_home_dir));
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_USE_GPG);
                 cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_GPG_HOMEDIR);
                 break;
index 9bee94b..e691216 100644 (file)
@@ -719,7 +719,7 @@ get_rand_port(fko_ctx_t ctx)
         exit(EXIT_FAILURE);
     }
 
-    strlcpy(port_str, rand_val, 6);
+    strlcpy(port_str, rand_val, sizeof(port_str));
 
     tmpint = strtol_wrapper(port_str, 0, -1, NO_EXIT_UPON_ERR, &is_err);
     if(is_err != FKO_SUCCESS)
@@ -955,7 +955,7 @@ prev_exec(fko_cli_options_t *options, int argc, char **argv)
 
     if(options->args_save_file != NULL && options->args_save_file[0] != 0x0)
     {
-        strlcpy(args_save_file, options->args_save_file, MAX_PATH_LEN);
+        strlcpy(args_save_file, options->args_save_file, sizeof(args_save_file));
     }
     else
     {
index 01ebacd..5401e93 100644 (file)
@@ -46,7 +46,7 @@
 
 struct url
 {
-    char    port[MAX_PORT_STR_LEN];
+    char    port[MAX_PORT_STR_LEN+1];
     char    host[MAX_URL_HOST_LEN+1];
     char    path[MAX_URL_PATH_LEN+1];
 };
@@ -197,7 +197,7 @@ try_url(struct url *url, fko_cli_options_t *options)
             && o3 >= 0 && o3 <= 255
             && o4 >= 0 && o4 <= 255)
     {
-        strlcpy(options->allow_ip_str, ndx, MAX_IPV4_STR_LEN);
+        strlcpy(options->allow_ip_str, ndx, sizeof(options->allow_ip_str));
 
         if(options->verbose)
             printf("\n[+] Resolved external IP (via http://%s%s) as: %s\n",
@@ -260,7 +260,7 @@ parse_url(char *res_url, struct url* url)
     }
     else
     {
-        strlcpy(url->port, "80", 3);
+        strlcpy(url->port, "80", sizeof(url->port));
         tlen_offset = 0;
     }
 
@@ -292,13 +292,13 @@ parse_url(char *res_url, struct url* url)
             return(-1);
         }
 
-        strlcpy(url->path, e_ndx, MAX_URL_PATH_LEN);
+        strlcpy(url->path, e_ndx, sizeof(url->path));
     }
     else
     {
         /* default to "GET /" if there isn't a more specific URL
         */
-        strlcpy(url->path, "/", MAX_URL_PATH_LEN);
+        strlcpy(url->path, "/", sizeof(url->path));
     }
 
     return(0);
@@ -321,16 +321,16 @@ resolve_ip_http(fko_cli_options_t *options)
         res = try_url(&url, options);
 
     } else {
-        strlcpy(url.port, "80", 3);
-        strlcpy(url.host, HTTP_RESOLVE_HOST, MAX_URL_HOST_LEN);
-        strlcpy(url.path, HTTP_RESOLVE_URL, MAX_URL_PATH_LEN);
+        strlcpy(url.port, "80", sizeof(url.port));
+        strlcpy(url.host, HTTP_RESOLVE_HOST, sizeof(url.host));
+        strlcpy(url.path, HTTP_RESOLVE_URL, sizeof(url.path));
 
         res = try_url(&url, options);
         if(res != 1)
         {
             /* try the backup url (just switches the host to cipherdyne.com)
             */
-            strlcpy(url.host, HTTP_BACKUP_RESOLVE_HOST, MAX_URL_HOST_LEN);
+            strlcpy(url.host, HTTP_BACKUP_RESOLVE_HOST, sizeof(url.host));
 
 #ifndef WIN32
             sleep(2);
index 1f88b48..3719944 100644 (file)
@@ -581,7 +581,8 @@ send_spa_packet_http(const char *spa_data, const int sd_len,
             options->http_user_agent,
             options->http_proxy  /* hostname or IP */
         );
-        strlcpy(options->spa_server_str, options->http_proxy, MAX_SERVER_STR_LEN);
+        strlcpy(options->spa_server_str, options->http_proxy,
+                sizeof(options->spa_server_str));
     }
     free(spa_data_copy);
 
index dff1e7a..a401a99 100644 (file)
@@ -269,8 +269,8 @@ parse_config_file(fko_srv_options_t *opts, const char *config_file)
                     {
                         if((cndx = config_entry_index(opts, tmp1)) >= 0)
                         {
-                            strlcpy(val, opts->config[cndx], MAX_LINE_LEN);
-                            strlcat(val, tmp2, MAX_LINE_LEN);
+                            strlcpy(val, opts->config[cndx], sizeof(val));
+                            strlcat(val, tmp2, sizeof(val));
                         }
                     }
                 }
@@ -320,7 +320,7 @@ validate_options(fko_srv_options_t *opts)
 
     if(opts->config[CONF_FWKNOP_PID_FILE] == NULL)
     {
-        strlcpy(tmp_path, opts->config[CONF_FWKNOP_RUN_DIR], MAX_PATH_LEN);
+        strlcpy(tmp_path, opts->config[CONF_FWKNOP_RUN_DIR], sizeof(tmp_path));
 
         if(tmp_path[strlen(tmp_path)-1] != '/')
             strlcat(tmp_path, "/", MAX_PATH_LEN);
@@ -336,7 +336,7 @@ validate_options(fko_srv_options_t *opts)
     if(opts->config[CONF_DIGEST_DB_FILE] == NULL)
 #endif
     {
-        strlcpy(tmp_path, opts->config[CONF_FWKNOP_RUN_DIR], MAX_PATH_LEN);
+        strlcpy(tmp_path, opts->config[CONF_FWKNOP_RUN_DIR], sizeof(tmp_path));
 
         if(tmp_path[strlen(tmp_path)-1] != '/')
             strlcat(tmp_path, "/", MAX_PATH_LEN);
@@ -723,7 +723,7 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
     {
         /* Make a copy of the override_config string so we can munge it.
         */
-        strlcpy(override_file, opts->config[CONF_OVERRIDE_CONFIG], MAX_LINE_LEN);
+        strlcpy(override_file, opts->config[CONF_OVERRIDE_CONFIG], sizeof(override_file));
 
         ndx  = override_file;
         cmrk = strchr(ndx, ',');
index 307d30c..9e8c783 100644 (file)
@@ -71,7 +71,7 @@ fw_config_init(fko_srv_options_t *opts)
 
     /* Set our firewall exe command path (iptables in most cases).
     */
-    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], MAX_PATH_LEN);
+    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], sizeof(fwc.fw_command));
 
 
     /* Let us find it via our opts struct as well.
index 12fd078..c2c71f5 100644 (file)
@@ -189,7 +189,7 @@ fw_config_init(fko_srv_options_t * const opts)
 
     /* Set our firewall exe command path (iptables in most cases).
     */
-    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], MAX_PATH_LEN);
+    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], sizeof(fwc.fw_command));
 
     fwc.start_rule_num = strtol_wrapper(opts->config[CONF_IPFW_START_RULE_NUM],
             0, RCHK_MAX_IPFW_MAX_RULES, NO_EXIT_UPON_ERR, &is_err);
@@ -667,7 +667,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
         */
         tmp_mark = ndx;
 
-        strlcpy(exp_str, ndx, 11);
+        strlcpy(exp_str, ndx, sizeof(exp_str));
         rule_exp = (time_t)atoll(exp_str);
 
         if(rule_exp <= now)
index 1caf91f..6d7dda8 100644 (file)
@@ -482,13 +482,13 @@ set_fw_chain_conf(const int type, const char * const conf_str)
     }
 
     /* Pull and set Target */
-    strlcpy(chain->target, chain_fields[0], MAX_TARGET_NAME_LEN);
+    strlcpy(chain->target, chain_fields[0], sizeof(chain->target));
 
     /* Pull and set Table */
-    strlcpy(chain->table, chain_fields[1], MAX_TABLE_NAME_LEN);
+    strlcpy(chain->table, chain_fields[1], sizeof(chain->table));
 
     /* Pull and set From_chain */
-    strlcpy(chain->from_chain, chain_fields[2], MAX_CHAIN_NAME_LEN);
+    strlcpy(chain->from_chain, chain_fields[2], sizeof(chain->from_chain));
 
     /* Pull and set Jump_rule_position */
     chain->jump_rule_pos = strtol_wrapper(chain_fields[3],
@@ -501,7 +501,7 @@ set_fw_chain_conf(const int type, const char * const conf_str)
     }
 
     /* Pull and set To_chain */
-    strlcpy(chain->to_chain, chain_fields[4], MAX_CHAIN_NAME_LEN);
+    strlcpy(chain->to_chain, chain_fields[4], sizeof(chain->to_chain));
 
     /* Pull and set to_chain rule position */
     chain->rule_pos = strtol_wrapper(chain_fields[5],
@@ -522,7 +522,7 @@ fw_config_init(fko_srv_options_t * const opts)
 
     /* Set our firewall exe command path (iptables in most cases).
     */
-    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], MAX_PATH_LEN);
+    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], sizeof(fwc.fw_command));
 
     /* Pull the fwknop chain config info and setup our internal
      * config struct.  The IPT_INPUT is the only one that is
@@ -832,7 +832,7 @@ process_spa_request(const fko_srv_options_t * const opts,
         */
         if(acc->force_nat)
         {
-            strlcpy(nat_ip, acc->force_nat_ip, MAX_IPV4_STR_LEN);
+            strlcpy(nat_ip, acc->force_nat_ip, sizeof(nat_ip));
             nat_port = acc->force_nat_port;
         }
         else
@@ -1114,7 +1114,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
             */
             tmp_mark = ndx;
 
-            strlcpy(exp_str, ndx, 11);
+            strlcpy(exp_str, ndx, sizeof(exp_str));
             rule_exp = (time_t)atoll(exp_str);
 
             if(rule_exp <= now)
index a010e0c..1c871cb 100644 (file)
@@ -149,11 +149,11 @@ fw_config_init(fko_srv_options_t * const opts)
 
     /* Set our firewall exe command path
     */
-    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], MAX_PATH_LEN);
+    strlcpy(fwc.fw_command, opts->config[CONF_FIREWALL_EXE], sizeof(fwc.fw_command));
 
     /* Set the PF anchor name
     */
-    strlcpy(fwc.anchor, opts->config[CONF_PF_ANCHOR_NAME], MAX_PF_ANCHOR_LEN);
+    strlcpy(fwc.anchor, opts->config[CONF_PF_ANCHOR_NAME], sizeof(fwc.anchor));
 
     /* Let us find it via our opts struct as well.
     */
@@ -403,7 +403,7 @@ check_firewall_rules(const fko_srv_options_t * const opts)
         */
         tmp_mark = ndx;
 
-        strlcpy(exp_str, ndx, 11);
+        strlcpy(exp_str, ndx, sizeof(exp_str));
         rule_exp = (time_t)atoll(exp_str);
 
         if(rule_exp <= now)
index bf4e1bd..f3a1bf9 100644 (file)
@@ -259,7 +259,8 @@ main(int argc, char **argv)
                 log_msg(LOG_WARNING,
                     "Error opening digest cache file. Incoming digests will not be remembered."
                 );
-                strlcpy(opts.config[CONF_ENABLE_DIGEST_PERSISTENCE], "N", 2);
+                strlcpy(opts.config[CONF_ENABLE_DIGEST_PERSISTENCE], "N",
+                        sizeof(opts.config[CONF_ENABLE_DIGEST_PERSISTENCE]));
             }
 
             if(opts.verbose)
@@ -410,7 +411,7 @@ check_dir_path(const char * const filepath, const char * const fp_desc, const un
     if(use_basename && ((ndx = strrchr(filepath, PATH_SEP)) != NULL))
         strlcpy(tmp_path, filepath, (ndx-filepath)+1);
     else
-        strlcpy(tmp_path, filepath, MAX_PATH_LEN);
+        strlcpy(tmp_path, filepath, sizeof(tmp_path));
 
     /* At this point, we should make the path is more than just the
      * PATH_SEP.  If it is not, silently return.
@@ -476,7 +477,7 @@ make_dir_path(const char * const run_dir)
     char            tmp_path[MAX_PATH_LEN];
     char            *ndx;
 
-    strlcpy(tmp_path, run_dir, MAX_PATH_LEN);
+    strlcpy(tmp_path, run_dir, sizeof(tmp_path));
 
     len = strlen(tmp_path);