[PATCH 1 of 2] osutil: stop using strcpy

Augie Fackler raf at durin42.com
Sat Mar 19 20:21:42 EDT 2016


# HG changeset patch
# User Augie Fackler <augie at google.com>
# Date 1458432139 14400
#      Sat Mar 19 20:02:19 2016 -0400
# Node ID e09de2f7fe03ba5cb0ba387dee866ffae00bb922
# Parent  2e0a3cbabdb7d68e04da1cb9982e98edec2eacef
osutil: stop using strcpy

strcpy is a security vulnerability masquerading as a utility
function. Replace it with memcpy since we know how much to copy
anyway.

diff --git a/mercurial/osutil.c b/mercurial/osutil.c
--- a/mercurial/osutil.c
+++ b/mercurial/osutil.c
@@ -203,14 +203,15 @@ static PyObject *_listdir(char *path, in
 		PyErr_NoMemory();
 		goto error_nomem;
 	}
-	strcpy(pattern, path);
+	memcpy(pattern, path, plen);
 
 	if (plen > 0) {
 		char c = path[plen-1];
 		if (c != ':' && c != '/' && c != '\\')
 			pattern[plen++] = '\\';
 	}
-	strcpy(pattern + plen, "*");
+	pattern[plen++] = '*';
+	pattern[plen] = '\0';
 
 	fh = FindFirstFileA(pattern, &fd);
 	if (fh == INVALID_HANDLE_VALUE) {
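Review bot: With memcpy(pattern, path, plen) replacing the first strcpy, nothing in this hunk checks or documents the size of pattern. The writes that follow (the optional '\\', then '*', then '\0') need the buffer to hold at least plen + 3 bytes. The allocation sits above the visible context, so please confirm it reserves that much and add a short comment next to it stating the invariant, since the terminator now exists only because of the final pattern[plen] = '\0' line. Also note that pattern[plen++] = '*' advances plen a second time where the old strcpy(pattern + plen, "*") left it alone. If anything after FindFirstFileA still reads plen as the path length, it will now be one larger than before. A separate index variable for the write position would avoid that.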

