From d4fb4fdea097f0fd1e9f2cd72d0d8a30c91f48bf Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Sat, 11 Aug 2018 14:15:09 +0200
Subject: [PATCH] layer23: Replace all instances of strncpy() by osmo_strlcpy

This gives us working/safe zero termination without overflowing
the destination string size.

Change-Id: Ica6098ceba2bd01ce3b216085442cc5eed0ca507
---
 src/host/layer23/src/common/l1l2_interface.c |  3 +--
 src/host/layer23/src/common/sap_interface.c  |  5 ++---
 src/host/layer23/src/mobile/gsm411_sms.c     |  4 ++--
 src/host/layer23/src/mobile/gsm480_ss.c      |  7 ++-----
 src/host/layer23/src/mobile/mnccms.c         |  5 ++---
 src/host/layer23/src/mobile/subscriber.c     |  2 +-
 src/host/layer23/src/mobile/vty_interface.c  | 12 +++++-------
 7 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/src/host/layer23/src/common/l1l2_interface.c b/src/host/layer23/src/common/l1l2_interface.c
index 956279d36..3e9cee4bd 100644
--- a/src/host/layer23/src/common/l1l2_interface.c
+++ b/src/host/layer23/src/common/l1l2_interface.c
@@ -114,8 +114,7 @@ int layer2_open(struct osmocom_ms *ms, const char *socket_path)
 	}
 
 	local.sun_family = AF_UNIX;
-	strncpy(local.sun_path, socket_path, sizeof(local.sun_path));
-	local.sun_path[sizeof(local.sun_path) - 1] = '\0';
+	osmo_strlcpy(local.sun_path, socket_path, sizeof(local.sun_path));
 
 	rc = connect(ms->l2_wq.bfd.fd, (struct sockaddr *) &local,
 		     sizeof(local));
diff --git a/src/host/layer23/src/common/sap_interface.c b/src/host/layer23/src/common/sap_interface.c
index fd1965911..e18bb3179 100644
--- a/src/host/layer23/src/common/sap_interface.c
+++ b/src/host/layer23/src/common/sap_interface.c
@@ -508,8 +508,7 @@ int sap_open(struct osmocom_ms *ms, const char *socket_path)
 	}
 
 	local.sun_family = AF_UNIX;
-	strncpy(local.sun_path, socket_path, sizeof(local.sun_path));
-	local.sun_path[sizeof(local.sun_path) - 1] = '\0';
+	osmo_strlcpy(local.sun_path, socket_path, sizeof(local.sun_path));
 
 	rc = connect(ms->sap_wq.bfd.fd, (struct sockaddr *) &local, sizeof(local));
 	if (rc < 0) {
@@ -572,7 +571,7 @@ int osmosap_sapsocket(struct osmocom_ms *ms, const char *path)
 {
 	struct gsm_settings *set = &ms->settings;
 	memset(set->sap_socket_path, 0, sizeof(set->sap_socket_path));
-	strncpy(set->sap_socket_path, path, sizeof(set->sap_socket_path) - 1);
+	osmo_strlcpy(set->sap_socket_path, path, sizeof(set->sap_socket_path) - 1);
 
 	return 0;
 }
diff --git a/src/host/layer23/src/mobile/gsm411_sms.c b/src/host/layer23/src/mobile/gsm411_sms.c
index 623ba5389..c476ff406 100644
--- a/src/host/layer23/src/mobile/gsm411_sms.c
+++ b/src/host/layer23/src/mobile/gsm411_sms.c
@@ -104,7 +104,7 @@ struct gsm_sms *sms_from_text(const char *receiver, int dcs, const char *text)
 	if (!sms)
 		return NULL;
 
-	strncpy(sms->text, text, sizeof(sms->text)-1);
+	OSMO_STRLCPY_ARRAY(sms->text, text);
 
 	/* FIXME: don't use ID 1 static */
 	sms->reply_path_req = 0;
@@ -112,7 +112,7 @@ struct gsm_sms *sms_from_text(const char *receiver, int dcs, const char *text)
 	sms->ud_hdr_ind = 0;
 	sms->protocol_id = 0; /* implicit */
 	sms->data_coding_scheme = dcs;
-	strncpy(sms->address, receiver, sizeof(sms->address)-1);
+	OSMO_STRLCPY_ARRAY(sms->address, receiver);
 	/* Generate user_data */
 	sms->user_data_len = gsm_7bit_encode_n(sms->user_data,
 		sizeof(sms->user_data), sms->text, NULL);
diff --git a/src/host/layer23/src/mobile/gsm480_ss.c b/src/host/layer23/src/mobile/gsm480_ss.c
index ee2c94398..2869ce6fb 100644
--- a/src/host/layer23/src/mobile/gsm480_ss.c
+++ b/src/host/layer23/src/mobile/gsm480_ss.c
@@ -200,8 +200,7 @@ static int gsm480_ss_result(struct osmocom_ms *ms, const char *response,
 	if (response) {
 		char text[256], *t = text, *s;
 
-		strncpy(text, response, sizeof(text) - 1);
-		text[sizeof(text) - 1] = '\0';
+		OSMO_STRLCPY_ARRAY(text, response);
 		while ((s = strchr(text, '\r')))
 			*s = '\n';
 		while ((s = strsep(&t, "\n"))) {
@@ -655,9 +654,7 @@ int ss_send(struct osmocom_ms *ms, const char *code, int new_trans)
 	
 		/* register */
 		if (ss_code && to && to[0] == '*') {
-			strncpy(dest, to + 1, sizeof(dest) - 1);
-			dest[sizeof(dest) - 1] = '\0';
-			dest[strlen(dest) - 1] = '\0';
+			OSMO_STRLCPY_ARRAY(dest, to + 1);
 			return gsm480_tx_cf(trans, GSM0480_MTYPE_REGISTER,
 				GSM0480_OP_CODE_REGISTER_SS, ss_code, dest);
 		}
diff --git a/src/host/layer23/src/mobile/mnccms.c b/src/host/layer23/src/mobile/mnccms.c
index b8c25581c..9be9c8fef 100644
--- a/src/host/layer23/src/mobile/mnccms.c
+++ b/src/host/layer23/src/mobile/mnccms.c
@@ -576,8 +576,7 @@ int mncc_call(struct osmocom_ms *ms, char *number)
 			setup.called.type = 0; /* auto/unknown - prefix must be
 						  used */
 		setup.called.plan = 1; /* ISDN */
-		strncpy(setup.called.number, number,
-			sizeof(setup.called.number) - 1);
+		OSMO_STRLCPY_ARRAY(setup.called.number, number);
 
 		/* bearer capability (mandatory) */
 		mncc_set_bearer(ms, -1, &setup);
@@ -808,7 +807,7 @@ int mncc_dtmf(struct osmocom_ms *ms, char *dtmf)
 	}
 
 	call->dtmf_index = 0;
-	strncpy(call->dtmf, dtmf, sizeof(call->dtmf) - 1);
+	OSMO_STRLCPY_ARRAY(call->dtmf, dtmf);
 	return dtmf_statemachine(call, NULL);
 }
 
diff --git a/src/host/layer23/src/mobile/subscriber.c b/src/host/layer23/src/mobile/subscriber.c
index 6a30148b7..7a011411d 100644
--- a/src/host/layer23/src/mobile/subscriber.c
+++ b/src/host/layer23/src/mobile/subscriber.c
@@ -256,7 +256,7 @@ static int subscr_sim_imsi(struct osmocom_ms *ms, uint8_t *data,
 		return -EINVAL;
 	}
 
-	strncpy(subscr->imsi, imsi + 1, sizeof(subscr->imsi) - 1);
+	OSMO_STRLCPY_ARRAY(subscr->imsi, imsi + 1);
 
 	LOGP(DMM, LOGL_INFO, "received IMSI %s from SIM\n", subscr->imsi);
 
diff --git a/src/host/layer23/src/mobile/vty_interface.c b/src/host/layer23/src/mobile/vty_interface.c
index 4adcf9058..12c32a537 100644
--- a/src/host/layer23/src/mobile/vty_interface.c
+++ b/src/host/layer23/src/mobile/vty_interface.c
@@ -1582,8 +1582,7 @@ DEFUN(cfg_ms_layer2, cfg_ms_layer2_cmd, "layer2-socket PATH",
 	struct osmocom_ms *ms = vty->index;
 	struct gsm_settings *set = &ms->settings;
 
-	strncpy(set->layer2_socket_path, argv[0],
-		sizeof(set->layer2_socket_path) - 1);
+	OSMO_STRLCPY_ARRAY(set->layer2_socket_path, argv[0]);
 
 	vty_restart(vty, ms);
 	return CMD_SUCCESS;
@@ -1596,8 +1595,7 @@ DEFUN(cfg_ms_sap, cfg_ms_sap_cmd, "sap-socket PATH",
 	struct osmocom_ms *ms = vty->index;
 	struct gsm_settings *set = &ms->settings;
 
-	strncpy(set->sap_socket_path, argv[0],
-		sizeof(set->sap_socket_path) - 1);
+	OSMO_STRLCPY_ARRAY(set->sap_socket_path, argv[0]);
 
 	vty_restart(vty, ms);
 	return CMD_SUCCESS;
@@ -2134,10 +2132,10 @@ DEFUN(cfg_abbrev, cfg_ms_abbrev_cmd, "abbrev ABBREVIATION NUMBER [NAME]",
 		return CMD_WARNING;
 	}
 	llist_add_tail(&abbrev->list, &set->abbrev);
-	strncpy(abbrev->abbrev, argv[0], sizeof(abbrev->abbrev) - 1);
-	strncpy(abbrev->number, argv[1], sizeof(abbrev->number) - 1);
+	OSMO_STRLCPY_ARRAY(abbrev->abbrev, argv[0]);
+	OSMO_STRLCPY_ARRAY(abbrev->number, argv[1]);
 	if (argc >= 3)
-		strncpy(abbrev->name, argv[2], sizeof(abbrev->name) - 1);
+		OSMO_STRLCPY_ARRAY(abbrev->name, argv[2]);
 
 	return CMD_SUCCESS;
 }