You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by sw...@apache.org on 2023/01/23 01:23:36 UTC

[logging-log4cxx] 01/01: Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions

This is an automated email from the ASF dual-hosted git repository.

swebb2066 pushed a commit to branch fix_sonar_cloud_errors
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git

commit 398940c6a3e880f15c01ba6d3a45cfd8ee3b39f3
Author: Stephen Webb <st...@sabreautonomous.com.au>
AuthorDate: Mon Jan 23 12:23:07 2023 +1100

    Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions
---
 src/main/cpp/domconfigurator.cpp                |  7 ++--
 src/main/cpp/exception.cpp                      |  8 ++--
 src/main/cpp/smtpappender.cpp                   |  4 +-
 src/main/include/log4cxx/private/string_c11.h   | 56 +++++++++++++++++++++++++
 src/test/cpp/helpers/charsetdecodertestcase.cpp |  5 +--
 5 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/src/main/cpp/domconfigurator.cpp b/src/main/cpp/domconfigurator.cpp
index 360b9bfb..886ceee0 100644
--- a/src/main/cpp/domconfigurator.cpp
+++ b/src/main/cpp/domconfigurator.cpp
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
+#include <log4cxx/private/string_c11.h>
 #include <log4cxx/logstring.h>
 #include <log4cxx/xml/domconfigurator.h>
 #include <log4cxx/appender.h>
@@ -56,6 +56,8 @@ using namespace log4cxx::spi;
 using namespace log4cxx::config;
 using namespace log4cxx::rolling;
 
+#define MAX_ATTRIBUTE_NAME_LEN 200
+
 struct DOMConfigurator::DOMConfiguratorPrivate
 {
 	helpers::Properties props;
@@ -63,7 +65,6 @@ struct DOMConfigurator::DOMConfiguratorPrivate
 	spi::LoggerFactoryPtr loggerFactory;
 };
 
-
 #if APR_HAS_THREADS
 namespace log4cxx
 {
@@ -1147,7 +1148,7 @@ LogString DOMConfigurator::getAttribute(
 	{
 		if (attrName == attr->name)
 		{
-			ByteBuffer buf((char*) attr->value, strlen(attr->value));
+			ByteBuffer buf((char*) attr->value, strnlen_s(attr->value, MAX_ATTRIBUTE_NAME_LEN));
 			utf8Decoder->decode(buf, attrValue);
 		}
 	}
diff --git a/src/main/cpp/exception.cpp b/src/main/cpp/exception.cpp
index 7eeaf005..71c4b476 100644
--- a/src/main/cpp/exception.cpp
+++ b/src/main/cpp/exception.cpp
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
+#define __STDC_WANT_LIB_EXT1__ 1
 #include <log4cxx/logstring.h>
 #include <log4cxx/helpers/exception.h>
 #include <string.h>
@@ -62,7 +62,8 @@ Exception::Exception(const Exception& src) : std::exception()
 #if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 	strcpy_s(msg, sizeof msg, src.msg);
 #else
-	strcpy(msg, src.msg);
+	strncpy(msg, src.msg, MSG_SIZE);
+	msg[MSG_SIZE] = 0;
 #endif
 }
 
@@ -71,7 +72,8 @@ Exception& Exception::operator=(const Exception& src)
 #if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 	strcpy_s(msg, sizeof msg, src.msg);
 #else
-	strcpy(msg, src.msg);
+	strncpy(msg, src.msg, MSG_SIZE);
+	msg[MSG_SIZE] = 0;
 #endif
 	return *this;
 }
diff --git a/src/main/cpp/smtpappender.cpp b/src/main/cpp/smtpappender.cpp
index e8ffcb48..b295c1cf 100644
--- a/src/main/cpp/smtpappender.cpp
+++ b/src/main/cpp/smtpappender.cpp
@@ -192,6 +192,7 @@ class SMTPMessage
 			const LogString msg, Pool& p)
 		{
 			message = smtp_add_message(session);
+			current_len = str.length();
 			body = current = toMessage(msg, p);
 			messagecbState = 0;
 			smtp_set_reverse_path(message, toAscii(from, p));
@@ -216,6 +217,7 @@ class SMTPMessage
 		smtp_message_t message;
 		const char* body;
 		const char* current;
+		size_t current_len;
 		int messagecbState;
 		void addRecipients(const LogString& addresses, const char* field, Pool& p)
 		{
@@ -333,7 +335,7 @@ class SMTPMessage
 
 				if (pThis->current)
 				{
-					*len = strlen(pThis->current);
+					*len = strnlen_s(pThis->current, pThis->current_len);
 				}
 
 				retval = pThis->current;
diff --git a/src/main/include/log4cxx/private/string_c11.h b/src/main/include/log4cxx/private/string_c11.h
new file mode 100644
index 00000000..5113db5a
--- /dev/null
+++ b/src/main/include/log4cxx/private/string_c11.h
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef LOG4CXX_STRING_C11_H
+#define LOG4CXX_STRING_C11_H
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <string.h>
+#include <stdint.h> // RSIZE_MAX
+
+#if !defined(__STDC_LIB_EXT1__) && !defined(__STDC_SECURE_LIB__)
+static size_t strnlen_s( const char *str, size_t strsz )
+{
+    size_t result = 0;
+    if (!str)
+        ;
+    else while (*str++ != 0 && result < strsz)
+		++result;
+	return result;
+}
+static int strcat_s(char* destArg, size_t destsz, const char* src)
+{
+	if (!src || !destArg || RSIZE_MAX < destsz)
+		return -1;
+	char* dest = destArg;
+	size_t index = 0;
+	while (*dest && index < destsz)
+		++index, ++dest;
+	while (*src && index < destsz)
+	{
+		*dest++ = *src++;
+		++index;
+	}
+	if (*src)
+	{
+		*destArg = 0;
+		return -2;
+	}
+	return 0;
+}
+#endif
+
+#endif /* LOG4CXX_STRING_C11_H */
diff --git a/src/test/cpp/helpers/charsetdecodertestcase.cpp b/src/test/cpp/helpers/charsetdecodertestcase.cpp
index 0493ba2e..9fc58a14 100644
--- a/src/test/cpp/helpers/charsetdecodertestcase.cpp
+++ b/src/test/cpp/helpers/charsetdecodertestcase.cpp
@@ -15,6 +15,7 @@
  * limitations under the License.
  */
 
+#include <log4cxx/private/string_c11.h>
 #include <log4cxx/helpers/charsetdecoder.h>
 #include "../logunit.h"
 #include "../insertwide.h"
@@ -63,11 +64,7 @@ public:
 		char buf[BUFSIZE + 6];
 		memset(buf, 'A', BUFSIZE);
 		buf[BUFSIZE - 3] = 0;
-#if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
 		strcat_s(buf, sizeof buf, "Hello");
-#else
-		strcat(buf, "Hello");
-#endif
 		ByteBuffer src(buf, strlen(buf));
 
 		CharsetDecoderPtr dec(CharsetDecoder::getDefaultDecoder());