aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--driver.c10
-rw-r--r--env.c2
-rw-r--r--fetchmail.c2
-rw-r--r--gssapi.c2
-rw-r--r--kerberos.c8
-rw-r--r--pop2.c2
-rw-r--r--pop3.c2
-rw-r--r--rfc822.c4
-rw-r--r--transact.c8
9 files changed, 20 insertions, 20 deletions
diff --git a/driver.c b/driver.c
index f3145be2..647b777e 100644
--- a/driver.c
+++ b/driver.c
@@ -1104,22 +1104,22 @@ static int do_session(
if (h_errno != 0)
{
if (h_errno == HOST_NOT_FOUND)
- strcpy(errbuf, GT_("host is unknown."));
+ strlcpy(errbuf, GT_("host is unknown."), sizeof(errbuf));
#ifndef __BEOS__
else if (h_errno == NO_ADDRESS)
- strcpy(errbuf, GT_("name is valid but has no IP address."));
+ strlcpy(errbuf, GT_("name is valid but has no IP address."), sizeof(errbuf));
#endif
else if (h_errno == NO_RECOVERY)
- strcpy(errbuf, GT_("unrecoverable name server error."));
+ strlcpy(errbuf, GT_("unrecoverable name server error."), sizeof(errbuf));
else if (h_errno == TRY_AGAIN)
- strcpy(errbuf, GT_("temporary name server error."));
+ strlcpy(errbuf, GT_("temporary name server error."), sizeof(errbuf));
else
snprintf (errbuf, sizeof(errbuf),
GT_("unknown DNS error %d."), h_errno);
}
else
#endif /* HAVE_RES_SEARCH */
- strcpy(errbuf, strerror(err_no));
+ strlcpy(errbuf, strerror(err_no), sizeof(errbuf));
report_complete(stderr, ": %s\n", errbuf);
#ifdef __UNUSED
diff --git a/env.c b/env.c
index 6ff2d99a..17d3bc66 100644
--- a/env.c
+++ b/env.c
@@ -227,7 +227,7 @@ char *rfc822timestamp(void)
* date format ctime(3) emits is not RFC822
* conformant.
*/
- strcpy(buf, ctime(&now));
+ strlcpy(buf, ctime(&now), sizeof(buf));
buf[strlen(buf)-1] = '\0'; /* remove trailing \n */
#endif /* HAVE_STRFTIME */
diff --git a/fetchmail.c b/fetchmail.c
index 01d4ad4f..96993101 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -944,7 +944,7 @@ static int load_params(int argc, char **argv, int optind)
p = strrchr (rcfile, '/');
if (p && (p - rcfile) < sizeof (rcfiledir)) {
*p = 0; /* replace '/' by '0' */
- strcpy (rcfiledir, rcfile);
+ strlcpy (rcfiledir, rcfile, sizeof(rcfiledir));
*p = '/'; /* restore '/' */
if (!rcfiledir[0]) /* "/.fetchmailrc" case */
strcpy (rcfiledir, "/");
diff --git a/gssapi.c b/gssapi.c
index ebc32e87..654b82c7 100644
--- a/gssapi.c
+++ b/gssapi.c
@@ -174,7 +174,7 @@ int do_gssauth(int sock, char *command, char *service, char *hostname, char *use
buf_size = htonl(buf_size); /* do as they do... only matters if we do enc */
memcpy(buf1, &buf_size, 4);
buf1[0] = GSSAUTH_P_NONE;
- strcpy(buf1+4, username); /* server decides if princ is user */
+ strlcpy(buf1+4, username, sizeof(buf) - 4); /* server decides if princ is user */
request_buf.length = 4 + strlen(username) + 1;
request_buf.value = buf1;
maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
diff --git a/kerberos.c b/kerberos.c
index cf600f29..2cbfe8c1 100644
--- a/kerberos.c
+++ b/kerberos.c
@@ -146,13 +146,13 @@ int do_rfc1731(int sock, char *command, char *truename)
report(stderr,
GT_("non-null instance (%s) might cause strange behavior\n"),
tktinst);
- strcat(tktuser, ".");
- strcat(tktuser, tktinst);
+ strlcat(tktuser, ".", sizeof(tktuser));
+ strlcat(tktuser, tktinst, sizeof(tktuser));
}
if (strcmp(tktrealm, srvrealm) != 0) {
- strcat(tktuser, "@");
- strcat(tktuser, tktrealm);
+ strlcat(tktuser, "@", sizeof(tktuser));
+ strlcat(tktuser, tktrealm, sizeof(tktuser));
}
result = krb_mk_req(&authenticator, "imap", srvinst, srvrealm,
diff --git a/pop2.c b/pop2.c
index 88ad4244..bfccac17 100644
--- a/pop2.c
+++ b/pop2.c
@@ -59,7 +59,7 @@ static int pop2_getauth(int sock, struct query *ctl, char *buf)
{
int status;
- strcpy(shroud, ctl->password);
+ strlcpy(shroud, ctl->password, sizeof(shroud));
status = gen_transact(sock,
"HELO %s %s",
ctl->remotename, ctl->password);
diff --git a/pop3.c b/pop3.c
index dd3daf27..b5d1a965 100644
--- a/pop3.c
+++ b/pop3.c
@@ -523,7 +523,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
}
#endif /* OPIE_ENABLE */
- strcpy(shroud, ctl->password);
+ strlcpy(shroud, ctl->password, sizeof(shroud));
ok = gen_transact(sock, "PASS %s", ctl->password);
shroud[0] = '\0';
#ifdef SSL_ENABLE
diff --git a/rfc822.c b/rfc822.c
index 99c78c0e..0fdc6a5a 100644
--- a/rfc822.c
+++ b/rfc822.c
@@ -432,13 +432,13 @@ int main(int argc, char *argv[])
while (fgets(buf, sizeof(buf)-1, stdin))
{
if (buf[0] == ' ' || buf[0] == '\t')
- strcat(longbuf, buf);
+ strlcat(longbuf, buf, sizeof(longbuf));
else if (!strncasecmp("From: ", buf, 6)
|| !strncasecmp("To: ", buf, 4)
|| !strncasecmp("Reply-", buf, 6)
|| !strncasecmp("Cc: ", buf, 4)
|| !strncasecmp("Bcc: ", buf, 5))
- strcpy(longbuf, buf);
+ strlcpy(longbuf, buf, sizeof(longbuf));
else if (longbuf[0])
{
if (verbose)
diff --git a/transact.c b/transact.c
index a757538c..0ca37d7e 100644
--- a/transact.c
+++ b/transact.c
@@ -963,7 +963,7 @@ int readheaders(int sock,
/* We have the real envelope return-path, stored out of band by
* SDPS - that's more accurate than any header is going to be.
*/
- strcpy(msgblk.return_path, sdps_envfrom);
+ strlcpy(msgblk.return_path, sdps_envfrom, sizeof(msgblk.return_path));
free(sdps_envfrom);
} else
#endif /* SDPS_ENABLE */
@@ -1206,11 +1206,11 @@ int readheaders(int sock,
char errhd[USERNAMELEN + POPBUFSIZE], *errmsg;
errmsg = errhd;
- (void) strcpy(errhd, "X-Fetchmail-Warning: ");
+ strlcpy(errhd, "X-Fetchmail-Warning: ", sizeof(errhd));
if (no_local_matches)
{
if (reject_count != 1)
- strcat(errhd, GT_("no recipient addresses matched declared local names"));
+ strlcat(errhd, GT_("no recipient addresses matched declared local names"), sizeof(errhd));
else
{
for (idp = msgblk.recipients; idp; idp = idp->next)
@@ -1241,7 +1241,7 @@ int readheaders(int sock,
errlen += strlen(idp->id) + 2;
xalloca(errmsg, char *, errlen+3);
- (void) strcpy(errmsg, errhd);
+ strcpy(errmsg, errhd);
for (idp = msgblk.recipients; idp; idp = idp->next)
if (idp->val.status.mark == XMIT_RCPTBAD)
{
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 12:23:27 +0000