Refined number of bytes copied to buffer in several places.

This fixed "output may be truncated writing up to [m] bytes
into a region of size [n]" warnings found by gcc -Wformat-truncation.

diff --git a/test/fakesmtp.c b/test/fakesmtp.c
index c4fa3e7c69cc1babd3e5b6a3ec4095c0aa8a9b1c..8050e55334db2283cab611c0452a3fae25b3c44d 100644 (file)
--- a/test/fakesmtp.c
+++ b/test/fakesmtp.c
@@ -14,6 +14,10 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#ifndef min
+# define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
 #define PIDFILE "/tmp/fakesmtp.pid"
 
 #define LINESIZE 1024
@@ -155,9 +159,9 @@ getsmtp(int socket, char *data)
                if (bytesinbuf > 0 && (p = strchr(buffer, '\r')) &&
                                                        *(p + 1) == '\n') {
                        *p = '\0';
-                       strncpy(data, buffer, LINESIZE);
-                       data[LINESIZE - 1] = '\0';
                        cc = strlen(buffer);
+                       memcpy(data, buffer, min(cc + 1, LINESIZE));
+                       data[LINESIZE - 1] = '\0';
 
                        /*
                         * Shuffle leftover bytes back to the beginning

diff --git a/uip/dropsbr.c b/uip/dropsbr.c
index 630de11181615b892b8c2d8bd7584455ed79ccc9..4a6bb7a053dba1adb36f258e9e5949195a1fe0fc 100644 (file)
--- a/uip/dropsbr.c
+++ b/uip/dropsbr.c
@@ -247,10 +247,12 @@ mbx_copy (char *mailbox, int mbx_style, int md, int fd,
                         * If there is already a "From " line,
                         * then leave it alone.  Else we add one.
                         */
-                       char tmpbuffer[sizeof buffer-7];
+                       char tmpbuffer[sizeof buffer-21];
                        char *tp, *ep;
 
-                       strncpy(tmpbuffer, buffer, sizeof(tmpbuffer));
+                       (void) strncpy(tmpbuffer, buffer,
+                                      min(strlen(buffer) + 1,
+                                          sizeof(tmpbuffer) - 1));
                        ep = "nobody@nowhere";
                        tp = dctime(dlocaltimenow());
                        snprintf (buffer, sizeof(buffer), "From %s  %s%s", ep, tp, tmpbuffer);

diff --git a/uip/mkstemp.c b/uip/mkstemp.c
index b7fa5ae05b26142a8c5d57a7a34a22be31dd9f2a..7a653ea8e0cc98ef0741a062446d01b5f86e1e0a 100644 (file)
--- a/uip/mkstemp.c
+++ b/uip/mkstemp.c
@@ -88,8 +88,8 @@ build_template(const char *directory, const char *prefix, const char *suffix)
     prefix_len = strlen(prefix);
     suffix_len = strlen(suffix);
     /* sizeof pattern includes its final NULL, so don't add another. */
-    len = directory_len  +  pathsep_len  +  prefix_len  +   sizeof pattern  +
-        suffix_len;
+    len =
+        directory_len + pathsep_len + prefix_len + sizeof pattern + suffix_len;
 
     if ((template = malloc(len))) {
         char *tp = template;
@@ -102,7 +102,7 @@ build_template(const char *directory, const char *prefix, const char *suffix)
         (void) strncpy(tp, prefix, prefix_len);
         tp += prefix_len;
 
-        (void) strncpy(tp, pattern, sizeof pattern - 1);
+        (void) memcpy(tp, pattern, sizeof pattern);
         tp += sizeof pattern - 1;
 
         (void) strncpy(tp, suffix, suffix_len);

diff --git a/uip/popsbr.c b/uip/popsbr.c
index c1d520e9a9678c060ced1f956ee5cc1952a66faa..3b606334f15a3493400af5d37768e428e39acc60 100644 (file)
--- a/uip/popsbr.c
+++ b/uip/popsbr.c
@@ -703,7 +703,8 @@ multiline (void)
         strncpy (response, buffer + LEN(TRM), sizeof(response));
     }
     else
-       strncpy (response, buffer, sizeof(response));
+       strncpy (response, buffer,
+                min (strlen(buffer) + 1, sizeof(response) - 1));
 
     return OK;
 }