about summary refs log tree commit diff
path: root/third_party
diff options
context:
space:
mode:
authorKane York <kanepyork@gmail.com>2020-07-23T20·02-0700
committerkanepyork <rikingcoding@gmail.com>2020-07-23T22·00+0000
commit9a85694b8616f2e10f19440f4db9017d44dfae18 (patch)
treeb915674b395abd2bfe617e0a4e50c5944dc540a1 /third_party
parentec46a594dff3453c1091b01d4904f1ab1947d60d (diff)
fix(3p/nix): remove usage of strcpy r/1437
Change-Id: I86125609f433469a8722c780fd758234211d677e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1381
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Reviewed-by: glittershark <grfn@gws.fyi>
Diffstat (limited to 'third_party')
-rw-r--r--third_party/nix/.clang-tidy2
-rw-r--r--third_party/nix/src/libstore/build.cc2
-rw-r--r--third_party/nix/src/libstore/remote-store.cc7
-rw-r--r--third_party/nix/src/nix-daemon/nix-daemon.cc8
4 files changed, 10 insertions, 9 deletions
diff --git a/third_party/nix/.clang-tidy b/third_party/nix/.clang-tidy
index 4e0e8b6e0e2b..bccfa148cf33 100644
--- a/third_party/nix/.clang-tidy
+++ b/third_party/nix/.clang-tidy
@@ -1,3 +1,3 @@
 ---
-WarningsAsErrors: 'abseil-*'
+WarningsAsErrors: 'abseil-*,clang-analyzer-security.insecureAPI.strcpy'
 ...
diff --git a/third_party/nix/src/libstore/build.cc b/third_party/nix/src/libstore/build.cc
index dcc3c7edc7af..da35388d855a 100644
--- a/third_party/nix/src/libstore/build.cc
+++ b/third_party/nix/src/libstore/build.cc
@@ -2833,7 +2833,7 @@ void DerivationGoal::runChild() {
         }
 
         struct ifreq ifr;
-        strcpy(ifr.ifr_name, "lo");
+        strncpy(ifr.ifr_name, "lo", sizeof("lo"));
         ifr.ifr_flags = IFF_UP | IFF_LOOPBACK | IFF_RUNNING;
         if (ioctl(fd.get(), SIOCSIFFLAGS, &ifr) == -1) {
           throw SysError("cannot set loopback interface flags");
diff --git a/third_party/nix/src/libstore/remote-store.cc b/third_party/nix/src/libstore/remote-store.cc
index 7c4f3a138fc0..33a6ec310ac1 100644
--- a/third_party/nix/src/libstore/remote-store.cc
+++ b/third_party/nix/src/libstore/remote-store.cc
@@ -99,12 +99,13 @@ ref<RemoteStore::Connection> UDSRemoteStore::openConnection() {
 
   struct sockaddr_un addr;
   addr.sun_family = AF_UNIX;
-  if (socketPath.size() + 1 >= sizeof(addr.sun_path)) {
+  strncpy(addr.sun_path, socketPath.c_str(), sizeof(addr.sun_path));
+  if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') {
     throw Error(format("socket path '%1%' is too long") % socketPath);
   }
-  strcpy(addr.sun_path, socketPath.c_str());
 
-  if (::connect(conn->fd.get(), (struct sockaddr*)&addr, sizeof(addr)) == -1) {
+  if (::connect(conn->fd.get(), reinterpret_cast<struct sockaddr*>(&addr),
+                sizeof(addr)) == -1) {
     throw SysError(format("cannot connect to daemon at '%1%'") % socketPath);
   }
 
diff --git a/third_party/nix/src/nix-daemon/nix-daemon.cc b/third_party/nix/src/nix-daemon/nix-daemon.cc
index dc5295821f84..1f49788ae573 100644
--- a/third_party/nix/src/nix-daemon/nix-daemon.cc
+++ b/third_party/nix/src/nix-daemon/nix-daemon.cc
@@ -970,10 +970,10 @@ static void daemonLoop(char** argv) {
 
     struct sockaddr_un addr;
     addr.sun_family = AF_UNIX;
-    if (socketPathRel.size() >= sizeof(addr.sun_path)) {
+    strncpy(addr.sun_path, socketPathRel.c_str(), sizeof(addr.sun_path));
+    if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') {
       throw Error(format("socket path '%1%' is too long") % socketPathRel);
     }
-    strcpy(addr.sun_path, socketPathRel.c_str());
 
     unlink(socketPath.c_str());
 
@@ -1125,10 +1125,10 @@ static int _main(int argc, char** argv) {
         auto socketName = baseNameOf(socketPath);
         auto addr = sockaddr_un{};
         addr.sun_family = AF_UNIX;
-        if (socketName.size() + 1 >= sizeof(addr.sun_path)) {
+        strncpy(addr.sun_path, socketName.c_str(), sizeof(addr.sun_path));
+        if (addr.sun_path[sizeof(addr.sun_path) - 1] != '\0') {
           throw Error(format("socket name %1% is too long") % socketName);
         }
-        strcpy(addr.sun_path, socketName.c_str());
 
         if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) == -1) {
           throw SysError(format("cannot connect to daemon at %1%") %