You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@logging.apache.org by sw...@apache.org on 2023/01/23 01:23:35 UTC

[logging-log4cxx] branch fix_sonar_cloud_errors created (now 398940c6)

This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a change to branch fix_sonar_cloud_errors
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git


      at 398940c6 Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions

This branch includes the following new commits:

     new 398940c6 Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[logging-log4cxx] 01/01: Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions

Posted by sw...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a commit to branch fix_sonar_cloud_errors
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git

commit 398940c6a3e880f15c01ba6d3a45cfd8ee3b39f3
Author: Stephen Webb <st...@sabreautonomous.com.au>
AuthorDate: Mon Jan 23 12:23:07 2023 +1100

    Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions
---
 src/main/cpp/domconfigurator.cpp                |  7 ++--
 src/main/cpp/exception.cpp                      |  8 ++--
 src/main/cpp/smtpappender.cpp                   |  4 +-
 src/main/include/log4cxx/private/string_c11.h   | 56 +++++++++++++++++++++++++
 src/test/cpp/helpers/charsetdecodertestcase.cpp |  5 +--
 5 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/src/main/cpp/domconfigurator.cpp b/src/main/cpp/domconfigurator.cpp
index 360b9bfb..886ceee0 100644
--- a/src/main/cpp/domconfigurator.cpp
+++ b/src/main/cpp/domconfigurator.cpp
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
+#include <log4cxx/private/string_c11.h>
 #include <log4cxx/logstring.h>
 #include <log4cxx/xml/domconfigurator.h>
 #include <log4cxx/appender.h>
@@ -56,6 +56,8 @@ using namespace log4cxx::spi;
 using namespace log4cxx::config;
 using namespace log4cxx::rolling;
 
+#define MAX_ATTRIBUTE_NAME_LEN 200
+
 struct DOMConfigurator::DOMConfiguratorPrivate
 {
 	helpers::Properties props;
@@ -63,7 +65,6 @@ struct DOMConfigurator::DOMConfiguratorPrivate
 	spi::LoggerFactoryPtr loggerFactory;
 };
 
-
 #if APR_HAS_THREADS
 namespace log4cxx
 {
@@ -1147,7 +1148,7 @@ LogString DOMConfigurator::getAttribute(
 	{
 		if (attrName == attr->name)
 		{
-			ByteBuffer buf((char*) attr->value, strlen(attr->value));
+			ByteBuffer buf((char*) attr->value, strnlen_s(attr->value, MAX_ATTRIBUTE_NAME_LEN));
 			utf8Decoder->decode(buf, attrValue);
 		}
 	}
diff --git a/src/main/cpp/exception.cpp b/src/main/cpp/exception.cpp
index 7eeaf005..71c4b476 100644
--- a/src/main/cpp/exception.cpp
+++ b/src/main/cpp/exception.cpp
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
+#define __STDC_WANT_LIB_EXT1__ 1
 #include <log4cxx/logstring.h>
 #include <log4cxx/helpers/exception.h>
 #include <string.h>
@@ -62,7 +62,8 @@ Exception::Exception(const Exception& src) : std::exception()
 #if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 	strcpy_s(msg, sizeof msg, src.msg);
 #else
-	strcpy(msg, src.msg);
+	strncpy(msg, src.msg, MSG_SIZE);
+	msg[MSG_SIZE] = 0;
 #endif
 }
 
@@ -71,7 +72,8 @@ Exception& Exception::operator=(const Exception& src)
 #if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 	strcpy_s(msg, sizeof msg, src.msg);
 #else
-	strcpy(msg, src.msg);
+	strncpy(msg, src.msg, MSG_SIZE);
+	msg[MSG_SIZE] = 0;
 #endif
 	return *this;
 }
diff --git a/src/main/cpp/smtpappender.cpp b/src/main/cpp/smtpappender.cpp
index e8ffcb48..b295c1cf 100644
--- a/src/main/cpp/smtpappender.cpp
+++ b/src/main/cpp/smtpappender.cpp
@@ -192,6 +192,7 @@ class SMTPMessage
 			const LogString msg, Pool& p)
 		{
 			message = smtp_add_message(session);
+			current_len = str.length();
 			body = current = toMessage(msg, p);
 			messagecbState = 0;
 			smtp_set_reverse_path(message, toAscii(from, p));
@@ -216,6 +217,7 @@ class SMTPMessage
 		smtp_message_t message;
 		const char* body;
 		const char* current;
+		size_t current_len;
 		int messagecbState;
 		void addRecipients(const LogString& addresses, const char* field, Pool& p)
 		{
@@ -333,7 +335,7 @@ class SMTPMessage
 
 				if (pThis->current)
 				{
-					*len = strlen(pThis->current);
+					*len = strnlen_s(pThis->current, pThis->current_len);
 				}
 
 				retval = pThis->current;
diff --git a/src/main/include/log4cxx/private/string_c11.h b/src/main/include/log4cxx/private/string_c11.h
new file mode 100644
index 00000000..5113db5a
--- /dev/null
+++ b/src/main/include/log4cxx/private/string_c11.h
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef LOG4CXX_STRING_C11_H
+#define LOG4CXX_STRING_C11_H
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <string.h>
+#include <stdint.h> // RSIZE_MAX
+
+#if !defined(__STDC_LIB_EXT1__) && !defined(__STDC_SECURE_LIB__)
+static size_t strnlen_s( const char *str, size_t strsz )
+{
+    size_t result = 0;
+    if (!str)
+        ;
+    else while (*str++ != 0 && result < strsz)
+		++result;
+	return result;
+}
+static int strcat_s(char* destArg, size_t destsz, const char* src)
+{
+	if (!src || !destArg || RSIZE_MAX < destsz)
+		return -1;
+	char* dest = destArg;
+	size_t index = 0;
+	while (*dest && index < destsz)
+		++index, ++dest;
+	while (*src && index < destsz)
+	{
+		*dest++ = *src++;
+		++index;
+	}
+	if (*src)
+	{
+		*destArg = 0;
+		return -2;
+	}
+	return 0;
+}
+#endif
+
+#endif /* LOG4CXX_STRING_C11_H */
diff --git a/src/test/cpp/helpers/charsetdecodertestcase.cpp b/src/test/cpp/helpers/charsetdecodertestcase.cpp
index 0493ba2e..9fc58a14 100644
--- a/src/test/cpp/helpers/charsetdecodertestcase.cpp
+++ b/src/test/cpp/helpers/charsetdecodertestcase.cpp
@@ -15,6 +15,7 @@
  * limitations under the License.
  */
 
+#include <log4cxx/private/string_c11.h>
 #include <log4cxx/helpers/charsetdecoder.h>
 #include "../logunit.h"
 #include "../insertwide.h"
@@ -63,11 +64,7 @@ public:
 		char buf[BUFSIZE + 6];
 		memset(buf, 'A', BUFSIZE);
 		buf[BUFSIZE - 3] = 0;
-#if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 		strcat_s(buf, sizeof buf, "Hello");
-#else
-		strcat(buf, "Hello");
-#endif
 		ByteBuffer src(buf, strlen(buf));
 
 		CharsetDecoderPtr dec(CharsetDecoder::getDefaultDecoder());