From cea7b2d43c64427062e11690e38f5f459c0ab821 Mon Sep 17 00:00:00 2001 From: "coadde [Márcio Alexandre Silva Delgado]" Date: Wed, 18 May 2016 14:21:53 -0300 Subject: pcr/reicast-git: add more patches --- pcr/reicast-git/no-buffer-overflows.patch | 587 ++++++++++++++++++++++++++++++ 1 file changed, 587 insertions(+) create mode 100644 pcr/reicast-git/no-buffer-overflows.patch (limited to 'pcr/reicast-git/no-buffer-overflows.patch') diff --git a/pcr/reicast-git/no-buffer-overflows.patch b/pcr/reicast-git/no-buffer-overflows.patch new file mode 100644 index 000000000..401013231 --- /dev/null +++ b/pcr/reicast-git/no-buffer-overflows.patch @@ -0,0 +1,587 @@ +diff -Nur a/core/cfg/cfg.cpp b/core/cfg/cfg.cpp +--- a/core/cfg/cfg.cpp 2016-05-18 07:26:31.884806485 -0300 ++++ b/core/cfg/cfg.cpp 2016-05-18 08:14:04.874168496 -0300 +@@ -128,7 +128,8 @@ + void cfgLoadStr(const wchar * Section, const wchar * Key, wchar * Return,const wchar* Default) + { + string value = cfgdb.get(Section, Key, Default); +- strcpy(Return, value.c_str()); ++ strncpy(Return, value.c_str(), sizeof(Return)); ++ Return[sizeof(Return) - 1] = '\0'; + } + + string cfgLoadStr(const wchar * Section, const wchar * Key, const wchar* Default) +diff -Nur a/core/cfg/ini.cpp b/core/cfg/ini.cpp +--- a/core/cfg/ini.cpp 2016-05-18 07:26:31.884806485 -0300 ++++ b/core/cfg/ini.cpp 2016-05-18 08:12:22.452503951 -0300 +@@ -221,7 +221,8 @@ + if (tl[0] == '[' && tl[strlen(tl)-1] == ']') + { + tl[strlen(tl)-1] = '\0'; +- strcpy(current_section, tl+1); ++ strncpy(current_section, tl+1, sizeof(current_section)); ++ current_section[sizeof(current_section) - 1] = '\0'; + trim_ws(current_section); + } + else +diff -Nur a/core/deps/libwebsocket/client.c b/core/deps/libwebsocket/client.c +--- a/core/deps/libwebsocket/client.c 2016-05-18 07:26:31.928140639 -0300 ++++ b/core/deps/libwebsocket/client.c 2016-05-18 08:29:26.276930099 -0300 +@@ -871,7 +871,8 @@ + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST)); + p += sprintf(p, + "Upgrade: websocket\x0d\x0a""Connection: Upgrade\x0d\x0a""Sec-WebSocket-Key: "); +- strcpy(p, key_b64); ++ strncpy(p, key_b64, sizeof(p)); ++ p[sizeof(p) - 1] = '\0'; + p += strlen(key_b64); + p += sprintf(p, "\x0d\x0a"); + if (lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN)) +diff -Nur a/core/deps/libwebsocket/context.c b/core/deps/libwebsocket/context.c +--- a/core/deps/libwebsocket/context.c 2016-05-18 07:26:31.928140639 -0300 ++++ b/core/deps/libwebsocket/context.c 2016-05-18 08:23:42.720827986 -0300 +@@ -167,7 +167,8 @@ + + context->user_space = info->user; + +- strcpy(context->canonical_hostname, "unknown"); ++ strncpy(context->canonical_hostname, "unknown", sizeof(context->canonical_hostname)); ++ context->canonical_hostname[sizeof(context->canonical_hostname) - 1] = '\0'; + + lws_server_get_canonical_hostname(context, info); + +diff -Nur a/core/deps/libwebsocket/libwebsockets.c b/core/deps/libwebsocket/libwebsockets.c +--- a/core/deps/libwebsocket/libwebsockets.c 2016-05-18 07:26:31.928140639 -0300 ++++ b/core/deps/libwebsocket/libwebsockets.c 2016-05-18 08:25:22.529251490 -0300 +@@ -526,7 +526,8 @@ + + if (u - wsi->latency_start > context->worst_latency) { + context->worst_latency = u - wsi->latency_start; +- strcpy(context->worst_latency_info, buf); ++ strncpy(context->worst_latency_info, buf, sizeof(context->worst_latency_info)); ++ context->worst_latency_info[sizeof(context->worst_latency_info) - 1] = '\0'; + } + lwsl_latency("%s", buf); + } +diff -Nur a/core/deps/libwebsocket/parsers.c b/core/deps/libwebsocket/parsers.c +--- a/core/deps/libwebsocket/parsers.c 2016-05-18 07:26:31.931474036 -0300 ++++ b/core/deps/libwebsocket/parsers.c 2016-05-18 08:27:14.004563720 -0300 +@@ -99,8 +99,9 @@ + return 0; + + do { +- strcpy(dest, +- &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]); ++ strncpy(dest, ++ &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset], sizeof(dest)); ++ dest[sizeof(dest) - 1] = '\0'; + dest += wsi->u.hdr.ah->frags[n].len; + n = wsi->u.hdr.ah->frags[n].next_frag_index; + } while (n); +diff -Nur a/core/deps/libwebsocket/server-handshake.c b/core/deps/libwebsocket/server-handshake.c +--- a/core/deps/libwebsocket/server-handshake.c 2016-05-18 07:26:31.934807432 -0300 ++++ b/core/deps/libwebsocket/server-handshake.c 2016-05-18 09:05:43.379609693 -0300 +@@ -21,7 +21,7 @@ + + #include "private-libwebsockets.h" + +-#define LWS_CPYAPP(ptr, str) { strcpy(ptr, str); ptr += strlen(str); } ++#define LWS_CPYAPP(ptr, str) { strncpy(ptr, str, sizeof(ptr)); ptr[sizeof(ptr) - 1] = '\0'; ptr += strlen(str); } + #ifndef LWS_NO_EXTENSIONS + LWS_VISIBLE int + lws_extension_server_handshake(struct libwebsocket_context *context, +@@ -212,7 +212,8 @@ + "Upgrade: WebSocket\x0d\x0a" + "Connection: Upgrade\x0d\x0a" + "Sec-WebSocket-Accept: "); +- strcpy(p, (char *)context->service_buffer); ++ strncpy(p, (char *)context->service_buffer, sizeof(p)); ++ p[sizeof(p) - 1] = '\0'; + p += accept_len; + + if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL)) { +diff -Nur a/core/deps/libzip/zip_add_dir.c b/core/deps/libzip/zip_add_dir.c +--- a/core/deps/libzip/zip_add_dir.c 2016-05-18 07:26:31.938140829 -0300 ++++ b/core/deps/libzip/zip_add_dir.c 2016-05-18 08:21:20.351686144 -0300 +@@ -60,7 +60,8 @@ + _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); + return -1; + } +- strcpy(s, name); ++ strncpy(s, name, sizeof(s)); ++ s[sizeof(s) - 1] = '\0'; + s[len] = '/'; + s[len+1] = '\0'; + } +diff -Nur a/core/deps/zlib/gzlib.c b/core/deps/zlib/gzlib.c +--- a/core/deps/zlib/gzlib.c 2016-05-18 07:26:31.958141208 -0300 ++++ b/core/deps/zlib/gzlib.c 2016-05-18 08:10:37.647202679 -0300 +@@ -213,7 +213,8 @@ + #if !defined(NO_snprintf) && !defined(NO_vsnprintf) + snprintf(state->path, len + 1, "%s", (const char *)path); + #else +- strcpy(state->path, path); ++ strncpy(state->path, path, sizeof(state->path)); ++ state->path[sizeof(state->path) - 1] = '\0'; + #endif + + /* compute the flags for open() */ +@@ -607,7 +608,8 @@ + snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, + "%s%s%s", state->path, ": ", msg); + #else +- strcpy(state->msg, state->path); ++ strncpy(state->msg, state->path, sizeof(state->msg)); ++ state->msg[sizeof(state->msg) - 1] = '\0'; + strcat(state->msg, ": "); + strcat(state->msg, msg); + #endif +diff -Nur a/core/hw/flashrom/flashrom.h b/core/hw/flashrom/flashrom.h +--- a/core/hw/flashrom/flashrom.h 2016-05-18 07:26:31.978141586 -0300 ++++ b/core/hw/flashrom/flashrom.h 2016-05-18 07:40:53.826766511 -0300 +@@ -63,7 +63,8 @@ + wchar base[512]; + wchar temp[512]; + wchar names[512]; +- strcpy(names,names_ro.c_str()); ++ strncpy(names,names_ro.c_str(),sizeof(names)); ++ names[sizeof(names) - 1] = '\0'; + sprintf(base,"%s",root.c_str()); + + wchar* curr=names; +diff -Nur a/core/hw/naomi/naomi_cart.cpp b/core/hw/naomi/naomi_cart.cpp +--- a/core/hw/naomi/naomi_cart.cpp 2016-05-18 07:26:31.988141776 -0300 ++++ b/core/hw/naomi/naomi_cart.cpp 2016-05-18 07:38:20.557239856 -0300 +@@ -33,7 +33,8 @@ + folder_pos++; + + char t[512]; +- strcpy(t, file); ++ strncpy(t, file, sizeof(t)); ++ t[sizeof(t) - 1] = '\0'; + FILE* fl = fopen(t, "r"); + if (!fl) + return false; +@@ -92,7 +93,8 @@ + RomCacheMapCount = (u32)files.size(); + RomCacheMap = new fd_t[files.size()]; + +- strcpy(t, file); ++ strncpy(t, file, sizeof(t)); ++ t[sizeof(t) - 1] = '\0'; + t[folder_pos] = 0; + strcat(t, "ndcn-composed.cache"); + +@@ -106,7 +108,8 @@ + verify(RomPtr != 0); + verify(RomPtr != (void*)-1); + +- strcpy(t, file); ++ strncpy(t, file, sizeof(t)); ++ t[sizeof(t) - 1] = '\0'; + + //Create File Mapping Objects + for (size_t i = 0; i2) + { +@@ -87,7 +88,8 @@ + + if (SSIZE!=0) + { +- strcpy(pathptr, track_filename.c_str()); ++ strncpy(pathptr, track_filename.c_str(),sizeof(pathptr)); ++ pathptr[sizeof(pathptr) - 1] = '\0'; + t.file = new RawTrackFile(core_fopen(path),OFFSET,t.StartFAD,SSIZE); + } + disc->tracks.push_back(t); +diff -Nur a/core/nullDC.cpp b/core/nullDC.cpp +--- a/core/nullDC.cpp 2016-05-18 07:26:32.041476119 -0300 ++++ b/core/nullDC.cpp 2016-05-18 08:06:38.942720450 -0300 +@@ -62,7 +62,8 @@ + if (GetOpenFileNameA(&ofn)) + { + //already there +- //strcpy(szFileName,ofn.lpstrFile); ++ //strncpy(szFileName,ofn.lpstrFile,sizeof(szFileName)); ++ //szFileName[sizeof(szFileName) - 1] = '\0'; + } + #endif + } +diff -Nur a/core/webui/server.cpp b/core/webui/server.cpp +--- a/core/webui/server.cpp 2016-05-18 07:26:32.061476498 -0300 ++++ b/core/webui/server.cpp 2016-05-18 07:46:18.756291583 -0300 +@@ -288,7 +288,8 @@ + } + + /* if not, send a file the easy way */ +- strcpy(buf, resource_path); ++ strncpy(buf, resource_path, sizeof(buf)); ++ buf[sizeof(buf) - 1] = '\0'; + if (strcmp((const char*)in, "/")) { + if (*((const char *)in) != '/') + strcat(buf, "/"); +diff -Nur a/shell/android/jni/src/Android.cpp b/shell/android/jni/src/Android.cpp +--- a/shell/android/jni/src/Android.cpp 2016-05-18 07:26:32.144811409 -0300 ++++ b/shell/android/jni/src/Android.cpp 2016-05-18 08:20:01.230329866 -0300 +@@ -206,7 +206,8 @@ + + if(Args[2]) + { +- strcpy(Args[2],"config:image="); ++ strncpy(Args[2],"config:image=",sizeof(Args[2])); ++ Args[2][sizeof(Args[2]) - 1] = '\0'; + strcat(Args[2],P); + } + +diff -Nur a/shell/linux-deps/include/X11/Xos_r.h b/shell/linux-deps/include/X11/Xos_r.h +--- a/shell/linux-deps/include/X11/Xos_r.h 2016-05-18 07:26:32.328148215 -0300 ++++ b/shell/linux-deps/include/X11/Xos_r.h 2016-05-18 09:04:54.728728985 -0300 +@@ -255,27 +255,33 @@ + + (p).pws.pw_name = (p).pwbuf; + (p).len = strlen((p).pwp->pw_name); +- strcpy((p).pws.pw_name, (p).pwp->pw_name); ++ strncpy((p).pws.pw_name, (p).pwp->pw_name, sizeof((p).pws.pw_name)); ++ (p).pws.pw_name[sizeof((p).pws.pw_name) - 1] = '\0'; + + (p).pws.pw_passwd = (p).pws.pw_name + (p).len + 1; + (p).len = strlen((p).pwp->pw_passwd); +- strcpy((p).pws.pw_passwd,(p).pwp->pw_passwd); ++ strncpy((p).pws.pw_passwd,(p).pwp->pw_passwd, sizeof((p).pws.pw_passwd)); ++ (p).pws.pw_passwd[sizeof((p).pws.pw_passwd) - 1] = '\0'; + + (p).pws.pw_class = (p).pws.pw_passwd + (p).len + 1; + (p).len = strlen((p).pwp->pw_class); +- strcpy((p).pws.pw_class, (p).pwp->pw_class); ++ strncpy((p).pws.pw_class, (p).pwp->pw_class, sizeof((p).pws.pw_class)); ++ (p).pws.pw_class[sizeof((p).pws.pw_class) - 1] = '\0'; + + (p).pws.pw_gecos = (p).pws.pw_class + (p).len + 1; + (p).len = strlen((p).pwp->pw_gecos); +- strcpy((p).pws.pw_gecos, (p).pwp->pw_gecos); ++ strncpy((p).pws.pw_gecos, (p).pwp->pw_gecos, sizeof((p).pws.pw_gecos)); ++ (p).pws.pw_gecos[sizeof((p).pws.pw_gecos) - 1] = '\0'; + + (p).pws.pw_dir = (p).pws.pw_gecos + (p).len + 1; + (p).len = strlen((p).pwp->pw_dir); +- strcpy((p).pws.pw_dir, (p).pwp->pw_dir); ++ strncpy((p).pws.pw_dir, (p).pwp->pw_dir, sizeof((p).pws.pw_dir)); ++ (p).pws.pw_dir[sizeof((p).pws.pw_dir) - 1] = '\0'; + + (p).pws.pw_shell = (p).pws.pw_dir + (p).len + 1; + (p).len = strlen((p).pwp->pw_shell); +- strcpy((p).pws.pw_shell, (p).pwp->pw_shell); ++ strncpy((p).pws.pw_shell, (p).pwp->pw_shell, sizeof((p).pws.pw_shell)); ++ (p).pws.pw_shell[sizeof((p).pws.pw_shell) - 1] = '\0'; + + (p).pwp = &(p).pws; + } +@@ -285,25 +291,32 @@ + (memcpy(&(p).pws, (p).pwp, sizeof(struct passwd)), \ + ((p).pws.pw_name = (p).pwbuf), \ + ((p).len = strlen((p).pwp->pw_name)), \ +- strcpy((p).pws.pw_name, (p).pwp->pw_name), \ ++ strncpy((p).pws.pw_name, (p).pwp->pw_name, sizeof((p).pws.pw_name)), \ ++ (p).pws.pw_name[sizeof((p).pws.pw_name) - 1] = '\0', \ + ((p).pws.pw_passwd = (p).pws.pw_name + (p).len + 1), \ + ((p).len = strlen((p).pwp->pw_passwd)), \ +- strcpy((p).pws.pw_passwd,(p).pwp->pw_passwd), \ ++ strncpy((p).pws.pw_passwd,(p).pwp->pw_passwd, sizeof((p).pws.pw_passwd)), \ ++ (p).pws.pw_passwd[sizeof((p).pws.pw_passwd) - 1] = '\0', \ + ((p).pws.pw_age = (p).pws.pw_passwd + (p).len + 1), \ + ((p).len = strlen((p).pwp->pw_age)), \ +- strcpy((p).pws.pw_age, (p).pwp->pw_age), \ ++ strncpy((p).pws.pw_age, (p).pwp->pw_age, sizeof((p).pws.pw_age)), \ ++ (p).pws.pw_age[sizeof((p).pws.pw_age) - 1] = '\0', \ + ((p).pws.pw_comment = (p).pws.pw_age + (p).len + 1), \ + ((p).len = strlen((p).pwp->pw_comment)), \ +- strcpy((p).pws.pw_comment, (p).pwp->pw_comment), \ ++ strncpy((p).pws.pw_comment, (p).pwp->pw_comment, sizeof((p).pws.pw_comment)), \ ++ (p).pws.pw_comment[sizeof((p).pws.pw_comment) - 1] = '\0', \ + ((p).pws.pw_gecos = (p).pws.pw_comment + (p).len + 1), \ + ((p).len = strlen((p).pwp->pw_gecos)), \ +- strcpy((p).pws.pw_gecos, (p).pwp->pw_gecos), \ ++ strncpy((p).pws.pw_gecos, (p).pwp->pw_gecos, sizeof((p).pws.pw_gecos)), \ ++ (p).pws.pw_gecos[sizeof((p).pws.pw_gecos) - 1] = '\0', \ + ((p).pws.pw_dir = (p).pws.pw_comment + (p).len + 1), \ + ((p).len = strlen((p).pwp->pw_dir)), \ +- strcpy((p).pws.pw_dir, (p).pwp->pw_dir), \ ++ strncpy((p).pws.pw_dir, (p).pwp->pw_dir, sizeof((p).pws.pw_dir)), \ ++ (p).pws.pw_dir[sizeof((p).pws.pw_dir) - 1] = '\0', \ + ((p).pws.pw_shell = (p).pws.pw_dir + (p).len + 1), \ +- ((p).len = strlen((p).pwp->pw_shell)), \ +- strcpy((p).pws.pw_shell, (p).pwp->pw_shell), \ ++ ((p).len = strlen((p).pwp->pw_shell), \ ++ strncpy((p).pws.pw_shell, (p).pwp->pw_shell, sizeof((p).pws.pw_shell)), \ ++ (p).pws.pw_shell[sizeof((p).pws.pw_shell) - 1] = '\0', \ + ((p).pwp = &(p).pws), \ + 0 ) + #endif +@@ -423,15 +436,18 @@ + + # define _Xg_copyHostent(hp) \ + (memcpy(&(hp).hent, (hp).hptr, sizeof(struct hostent)), \ +- strcpy((hp).h_name, (hp).hptr->h_name), \ ++ strncpy((hp).h_name, (hp).hptr->h_name, sizeof((hp).h_name)), \ ++ (hp).h_name[sizeof((hp).h_name) - 1] = '\0', \ + ((hp).hent.h_name = (hp).h_name), \ + ((hp).hptr = &(hp).hent), \ + 0 ) + # define _Xg_copyServent(sp) \ + (memcpy(&(sp).sent, (sp).sptr, sizeof(struct servent)), \ +- strcpy((sp).s_name, (sp).sptr->s_name), \ ++ strncpy((sp).s_name, (sp).sptr->s_name, sizeof((sp).s_name)), \ ++ (sp).s_name[sizeof((sp).s_name) - 1] = '\0', \ + ((sp).sent.s_name = (sp).s_name), \ +- strcpy((sp).s_proto, (sp).sptr->s_proto), \ ++ strncpy((sp).s_proto, (sp).sptr->s_proto, sizeof((sp).s_proto)), \ ++ (sp).s_proto[sizeof((sp).s_proto) - 1] = '\0', \ + ((sp).sent.s_proto = (sp).s_proto), \ + ((sp).sptr = &(sp).sent), \ + 0 ) +@@ -1015,7 +1031,8 @@ + ( memcpy(&(p).grp, (p).pgrp, sizeof(struct group)), \ + ((p).grp.gr_name = (p).buf), \ + ((p).len = strlen((p).pgrp->gr_name)), \ +- strcpy((p).grp.gr_name, (p).pgrp->gr_name), \ ++ strncpy((p).grp.gr_name, (p).pgrp->gr_name, sizeof((p).grp.gr_name)), \ ++ (p).grp.gr_name[sizeof((p).grp.gr_name) - 1] = '\0', \ + ((p).grp.gr_passwd = (p).grp.gr_name + (p).len + 1), \ + ((p).pgrp = &(p).grp), \ + 0 ) +@@ -1023,7 +1040,8 @@ + # define _Xgrp_copyGroup(p) \ + ( memcpy(&(p).grp, (p).pgrp, sizeof(struct group)), \ + ((p).grp.gr_name = (p).buf), \ +- strcpy((p).grp.gr_name, (p).pgrp->gr_name), \ ++ strncpy((p).grp.gr_name, (p).pgrp->gr_name, sizeof((p).grp.gr_name)), \ ++ (p).grp.gr_name[sizeof((p).grp.gr_name) - 1] = '\0', \ + ((p).pgrp = &(p).grp), \ + 0 ) + #endif +diff -Nur a/shell/linux-deps/include/X11/Xtrans/Xtrans.c b/shell/linux-deps/include/X11/Xtrans/Xtrans.c +--- a/shell/linux-deps/include/X11/Xtrans/Xtrans.c 2016-05-18 07:26:32.331481611 -0300 ++++ b/shell/linux-deps/include/X11/Xtrans/Xtrans.c 2016-05-18 08:46:03.538321741 -0300 +@@ -212,7 +212,8 @@ + /* Copy the string so it can be changed */ + + tmpptr = mybuf = (char *) xalloc (strlen (address) + 1); +- strcpy (mybuf, address); ++ strncpy (mybuf, address, sizeof(mybuf)); ++ mybuf[sizeof(mybuf) - 1] = '\0'; + + /* Parse the string to get each component */ + +@@ -371,7 +372,8 @@ + return 0; + } + else +- strcpy (*protocol, _protocol); ++ strncpy (*protocol, _protocol, sizeof(*protocol)); ++ *protocol[sizeof(*protocol) - 1] = '\0'; + + if ((*host = (char *) xalloc (strlen (_host) + 1)) == NULL) + { +@@ -384,7 +386,8 @@ + return 0; + } + else +- strcpy (*host, _host); ++ strncpy (*host, _host, sizeof(*host)); ++ *host[sizeof(*host) - 1] = '\0'; + + if ((*port = (char *) xalloc (strlen (_port) + 1)) == NULL) + { +@@ -398,7 +401,8 @@ + return 0; + } + else +- strcpy (*port, _port); ++ strncpy (*port, _port, sizeof(*port)); ++ *port[sizeof(*port) - 1] = '\0'; + + xfree (tmpptr); + +@@ -545,7 +549,8 @@ + return NULL; + } + +- strcpy (save_port, port); ++ strncpy (save_port, port, sizeof(save_port)); ++ save_port[sizeof(save_port) - 1] = '\0'; + + /* Get a new XtransConnInfo object */ + +@@ -671,7 +676,8 @@ + return 0; + else + { +- strcpy (*port, ciptr->port); ++ strncpy (*port, ciptr->port, sizeof(*port)); ++ *port[sizeof(*port) - 1] = '\0'; + return 1; + } + } +diff -Nur a/shell/linux-deps/include/X11/Xtrans/Xtranslcl.c b/shell/linux-deps/include/X11/Xtrans/Xtranslcl.c +--- a/shell/linux-deps/include/X11/Xtrans/Xtranslcl.c 2016-05-18 07:26:32.334815008 -0300 ++++ b/shell/linux-deps/include/X11/Xtrans/Xtranslcl.c 2016-05-18 08:37:44.809264973 -0300 +@@ -165,7 +165,8 @@ + xfree((char *) sunaddr); + return 0; + } +- strcpy (sunaddr->sun_path, sun_path); ++ strncpy (sunaddr->sun_path, sun_path, sizeof(sunaddr->sun_path)); ++ sunaddr->sun_path[sizeof(sunaddr->sun_path) - 1] = '\0'; + #if defined(BSD44SOCKETS) + sunaddr->sun_len = strlen (sunaddr->sun_path); + #endif +@@ -193,7 +194,8 @@ + xfree((char *) p_sunaddr); + return 0; + } +- strcpy (p_sunaddr->sun_path, peer_sun_path); ++ strncpy (p_sunaddr->sun_path, peer_sun_path, sizeof(p_sunaddr->sun_path)); ++ p_sunaddr->sun_path[sizeof(p_sunaddr->sun_path) - 1] = '\0'; + #if defined(BSD44SOCKETS) + p_sunaddr->sun_len = strlen (p_sunaddr->sun_path); + #endif +@@ -633,7 +635,8 @@ + } + + sunaddr->sun_family=AF_UNIX; +- strcpy(sunaddr->sun_path,buf); ++ strncpy(sunaddr->sun_path,buf,sizeof(sunaddr->sun_path)); ++ sunaddr->sun_path[sizeof(sunaddr->sun_path) - 1] = '\0'; + #if defined(BSD44SOCKETS) + sunaddr->sun_len=strlen(sunaddr->sun_path); + #endif +@@ -1682,7 +1685,8 @@ + { + workingXLOCAL=freeXLOCAL=(char *)xalloc (strlen (protocol) + 1); + if (workingXLOCAL) +- strcpy (workingXLOCAL, protocol); ++ strncpy (workingXLOCAL, protocol, sizeof(workingXLOCAL)); ++ workingXLOCAL[sizeof(workingXLOCAL) - 1] = '\0'; + } + else { + XLOCAL=(char *)getenv("XLOCAL"); +@@ -1690,7 +1694,8 @@ + XLOCAL=DEF_XLOCAL; + workingXLOCAL=freeXLOCAL=(char *)xalloc (strlen (XLOCAL) + 1); + if (workingXLOCAL) +- strcpy (workingXLOCAL, XLOCAL); ++ strncpy (workingXLOCAL, XLOCAL, sizeof(workingXLOCAL)); ++ workingXLOCAL[sizeof(workingXLOCAL) - 1] = '\0'; + } + } + +diff -Nur a/shell/linux-deps/include/X11/Xtrans/Xtranstli.c b/shell/linux-deps/include/X11/Xtrans/Xtranstli.c +--- a/shell/linux-deps/include/X11/Xtrans/Xtranstli.c 2016-05-18 07:26:32.334815008 -0300 ++++ b/shell/linux-deps/include/X11/Xtrans/Xtranstli.c 2016-05-18 08:49:18.868553403 -0300 +@@ -277,7 +277,8 @@ + + #ifdef nuke + if( *port == '/' ) { /* A full pathname */ +- (void) strcpy(sunaddr->sun_path, port); ++ (void) strncpy(sunaddr->sun_path, port, sizeof(sunaddr->sun_path)); ++ (void) sunaddr->sun_path[sizeof(sunaddr->sun_path) - 1] = '\0'; + } else { + (void) sprintf(sunaddr->sun_path,"%s%s", TLINODENAME, port ); + } +@@ -840,7 +841,8 @@ + sunaddr->sun_family=AF_UNIX; + if( port && *port ) { + if( *port == '/' ) { /* A full pathname */ +- (void) strcpy(sunaddr->sun_path, port); ++ (void) strncpy(sunaddr->sun_path, port, sizeof(sunaddr->sun_path)); ++ (void) sunaddr->sun_path[sizeof(sunaddr->sun_path) - 1] = '\0'; + } else { + (void) sprintf(sunaddr->sun_path,"%s%s", TLINODENAME, port ); + } +@@ -1144,7 +1146,8 @@ + if( *port == '/' || + strncmp (port, TLINODENAME, strlen (TLINODENAME)) == 0) { + /* Use the port as is */ +- (void) strcpy(sunaddr->sun_path, port); ++ (void) strncpy(sunaddr->sun_path, port, sizeof(sunaddr->sun_path)); ++ (void) sunaddr->sun_path[sizeof(sunaddr->sun_path) - 1] = '\0'; + } else { + (void) sprintf(sunaddr->sun_path,"%s%s", TLINODENAME, port ); + } +diff -Nur a/shell/linux-deps/include/X11/Xtrans/Xtransutil.c b/shell/linux-deps/include/X11/Xtrans/Xtransutil.c +--- a/shell/linux-deps/include/X11/Xtrans/Xtransutil.c 2016-05-18 07:26:32.338148404 -0300 ++++ b/shell/linux-deps/include/X11/Xtrans/Xtransutil.c 2016-05-18 08:40:26.572188461 -0300 +@@ -203,7 +203,8 @@ + if (!*addrp) + *addrp = (Xtransaddr *) xalloc (len + 1); + if (*addrp) { +- strcpy ((char *) *addrp, hostnamebuf); ++ strncpy ((char *) *addrp, hostnamebuf, sizeof((char *) *addrp)); ++ (char *) *addrp[sizeof((char *) *addrp) - 1] = '\0'; + *addrlenp = len; + } else { + *addrlenp = 0; +@@ -420,7 +421,8 @@ + + hostname = (char *) xalloc ( + strlen (ciptr->transptr->TransName) + strlen (addr) + 2); +- strcpy (hostname, ciptr->transptr->TransName); ++ strncpy (hostname, ciptr->transptr->TransName, sizeof(hostname)); ++ hostname[sizeof(hostname) - 1] = '\0'; + strcat (hostname, "/"); + if (addr) + strcat (hostname, addr); -- cgit v1.2.3