author | Omar Polo <op@omarpolo.com> | 2024-06-09 09:46:04 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2024-06-09 09:46:04 +0000 |
commit | 68d36b207f055fe76be5f57f034df3c5a60206cf (patch) | |
tree | a37c7a37bde8aebcf776788e827a7d506f8f8727 | |
parent | 910fbe8f00e7e864f7efbb0b2b5a4d475f3968b2 (diff) |
check and error on strlcpy truncation
-rw-r--r-- | ge.c | 7 | ||||
-rw-r--r-- | gmid.c | 10 | ||||
-rw-r--r-- | parse.y | 68 |
3 files changed, 60 insertions, 25 deletions
@@ -112,7 +112,9 @@ load_local_cert(struct vhost *h, const char *hostname, const char *dir) if (h->key == NULL) fatal("can't load %s", key); - strlcpy(h->domain, hostname, sizeof(h->domain)); + if (strlcpy(h->domain, hostname, sizeof(h->domain)) + >= sizeof(h->domain)) + fatalx("hostname too long: %s", hostname); } /* wrapper around dirname(3). dn must be PATH_MAX+1 at least. */ @@ -122,7 +124,8 @@ pdirname(const char *path, char *dn) char p[PATH_MAX+1]; char *t; - strlcpy(p, path, sizeof(p)); + if (strlcpy(p, path, sizeof(p)) >= sizeof(p)) + fatalx("%s: path too long: %s", __func__, path); t = dirname(p); memmove(dn, t, strlen(t)+1); } @@ -314,10 +314,12 @@ main(int argc, char **argv) if (*conf->chroot != '\0' && *conf->user == '\0') fatalx("can't chroot without a user to switch to."); } else { - if (user) - strlcpy(conf->user, user, sizeof(conf->user)); - if (chroot) - strlcpy(conf->chroot, chroot, sizeof(conf->chroot)); + if (user && strlcpy(conf->user, user, sizeof(conf->user)) + >= sizeof(conf->user)) + fatalx("user name too long: %s", user); + if (chroot && strlcpy(conf->chroot, chroot, sizeof(conf->chroot)) + >= sizeof(conf->user)) + fatalx("chroot path too long: %s", chroot); } if ((ps = calloc(1, sizeof(*ps))) == NULL) @@ -335,7 +335,10 @@ vhost : SERVER string { TAILQ_INIT(&host->proxies); (void) strlcpy(loc->match, "*", sizeof(loc->match)); - (void) strlcpy(host->domain, $2, sizeof(host->domain)); + + if (strlcpy(host->domain, $2, sizeof(host->domain)) + >= sizeof(host->domain)) + yyerror("server name too long: %s", $2); if (strstr($2, "xn--") != NULL) { yywarn("\"%s\" looks like punycode: you " @@ -381,7 +384,9 @@ servopt : ALIAS string { struct alist *a; a = xcalloc(1, sizeof(*a)); - (void) strlcpy(a->alias, $2, sizeof(a->alias)); + if (strlcpy(a->alias, $2, sizeof(a->alias)) + >= sizeof(a->alias)) + yyerror("alias too long: %s", $2); free($2); TAILQ_INSERT_TAIL(&host->aliases, a, aliases); } 
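Review bot: In the `@@ -314,10 +314,12 @@ main` hunk (gmid.c), the new chroot check compares the strlcpy() result against `sizeof(conf->user)` rather than `sizeof(conf->chroot)`, which looks like a copy-paste slip from the user check directly above it. If the two buffers differ in size, either a chroot path that fits is rejected as too long, or a truncated one passes the check, and a silently truncated chroot path would confine the daemon to a different directory than the one the operator configured. The comparison should read `>= sizeof(conf->chroot))`. main's body starts and ends outside the hunk.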
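Review bot: In the `vhost : SERVER string` hunk (parse.y), `yyerror()` reports the truncation but the action keeps running with the truncated `host->domain`. The same pattern appears in the alias, proxy, location and locopt actions, and in `fastcgi_conf()` and `add_param()` in the later hunks, where the truncated entry is still linked in with `TAILQ_INSERT_TAIL`. That is safe only if yyerror() records an error that makes the whole configuration load fail before any of these values are used; that mechanism is not visible in this diff, so it should be confirmed. A short comment at the first check, e.g. `/* yyerror() marks the config as failed; the truncated value is never used */`, would record the assumption. The grammar actions start and end outside the hunks.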
@@ -458,11 +463,17 @@ proxy_port : /* empty */ { $$ = 1965; } ; proxy_match : PROTO string { - (void) strlcpy(proxy->match_proto, $2, sizeof(proxy->match_proto)); + if (strlcpy(proxy->match_proto, $2, + sizeof(proxy->match_proto)) + >= sizeof(proxy->match_proto)) + yyerror("proto too long: %s", $2); free($2); } | FOR_HOST string proxy_port { - (void) strlcpy(proxy->match_host, $2, sizeof(proxy->match_host)); + if (strlcpy(proxy->match_host, $2, + sizeof(proxy->match_host)) + >= sizeof(proxy->match_host)) + yyerror("for-host too long: %s", $2); (void) snprintf(proxy->match_port, sizeof(proxy->match_port), "%d", $3); free($2); @@ -489,7 +500,9 @@ proxy_opt : CERT string { free($2); } | RELAY_TO string proxy_port { - (void) strlcpy(proxy->host, $2, sizeof(proxy->host)); + if (strlcpy(proxy->host, $2, sizeof(proxy->host)) + >= sizeof(proxy->host)) + yyerror("relay-to host too long: %s", $2); (void) snprintf(proxy->port, sizeof(proxy->port), "%d", $3); free($2); @@ -499,7 +512,9 @@ proxy_opt : CERT string { proxy->reqca_path = $4; } | SNI string { - (void) strlcpy(proxy->sni, $2, sizeof(proxy->sni)); + if (strlcpy(proxy->sni, $2, sizeof(proxy->sni)) + >= sizeof(proxy->sni)) + yyerror("sni hostname too long: %s", $2); free($2); } | USE_TLS bool { @@ -514,7 +529,9 @@ location : LOCATION { advance_loc(); } string '{' optnl locopts '}' { /* drop the starting '/' if any */ if (*$3 == '/') memmove($3, $3+1, strlen($3)); - (void) strlcpy(loc->match, $3, sizeof(loc->match)); + if (strlcpy(loc->match, $3, sizeof(loc->match)) + >= sizeof(loc->match)) + yyerror("location path too long: %s", $3); free($3); } | error '}' 
@@ -527,7 +544,9 @@ locopts : /* empty */ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : -1; } | BLOCK RETURN NUM string { check_block_fmt($4); - (void) strlcpy(loc->block_fmt, $4, sizeof(loc->block_fmt)); + if (strlcpy(loc->block_fmt, $4, sizeof(loc->block_fmt)) + >= sizeof(loc->block_fmt)) + yyerror("block return meta too long: %s", $4); loc->block_code = check_block_code($3); free($4); } @@ -544,18 +563,23 @@ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : -1; } loc->block_code = 40; } | DEFAULT TYPE string { - (void) strlcpy(loc->default_mime, $3, - sizeof(loc->default_mime)); + if (strlcpy(loc->default_mime, $3, + sizeof(loc->default_mime)) + >= sizeof(loc->default_mime)) + yyerror("default type too long: %s", $3); free($3); } | fastcgi | INDEX string { - (void) strlcpy(loc->index, $2, sizeof(loc->index)); + if (strlcpy(loc->index, $2, sizeof(loc->index)) + >= sizeof(loc->index)) + yyerror("index string too long: %s", $2); free($2); } | LANG string { - (void) strlcpy(loc->lang, $2, - sizeof(loc->lang)); + if (strlcpy(loc->lang, $2, sizeof(loc->lang)) + >= sizeof(loc->lang)) + yyerror("lang too long: %s", $2); free($2); } | LOG bool { loc->disable_log = !$2; } @@ -564,7 +588,9 @@ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : -1; } loc->reqca_path = $4; } | ROOT string { - (void) strlcpy(loc->dir, $2, sizeof(loc->dir)); + if (strlcpy(loc->dir, $2, sizeof(loc->dir)) + >= sizeof(loc->dir)) + yyerror("root path too long: %s", $2); free($2); } | STRIP NUM { loc->strip = check_strip_no($2); } 
@@ -1251,9 +1277,11 @@ fastcgi_conf(const char *path, const char *port) f = xcalloc(1, sizeof(*f)); f->id = i; - (void)strlcpy(f->path, path, sizeof(f->path)); - if (port != NULL) - (void)strlcpy(f->port, port, sizeof(f->port)); + if (strlcpy(f->path, path, sizeof(f->path)) >= sizeof(f->path)) + yyerror("fastcgi path is too long: %s", path); + if (port != NULL && + strlcpy(f->port, port, sizeof(f->port)) >= sizeof(f->port)) + yyerror("port too long: %s", port); TAILQ_INSERT_TAIL(&conf->fcgi, f, fcgi); return f->id; @@ -1266,8 +1294,10 @@ add_param(char *name, char *val) struct envhead *h = &loc->params; e = xcalloc(1, sizeof(*e)); - (void) strlcpy(e->name, name, sizeof(e->name)); - (void) strlcpy(e->value, val, sizeof(e->value)); + if (strlcpy(e->name, name, sizeof(e->name)) >= sizeof(e->name)) + yyerror("parameter name too long: %s", name); + if (strlcpy(e->value, val, sizeof(e->value)) >= sizeof(e->value)) + yyerror("param value too long: %s", val); TAILQ_INSERT_TAIL(h, e, envs); } |