You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by sw...@apache.org on 2023/01/23 01:23:36 UTC
[logging-log4cxx] 01/01: Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions
This is an automated email from the ASF dual-hosted git repository.
swebb2066 pushed a commit to branch fix_sonar_cloud_errors
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git
commit 398940c6a3e880f15c01ba6d3a45cfd8ee3b39f3
Author: Stephen Webb <st...@sabreautonomous.com.au>
AuthorDate: Mon Jan 23 12:23:07 2023 +1100
Replace unsafe C functions with C11 standard (ISO/IEC 9899:2011) functions
---
src/main/cpp/domconfigurator.cpp | 7 ++--
src/main/cpp/exception.cpp | 8 ++--
src/main/cpp/smtpappender.cpp | 4 +-
src/main/include/log4cxx/private/string_c11.h | 56 +++++++++++++++++++++++++
src/test/cpp/helpers/charsetdecodertestcase.cpp | 5 +--
5 files changed, 69 insertions(+), 11 deletions(-)
diff --git a/src/main/cpp/domconfigurator.cpp b/src/main/cpp/domconfigurator.cpp
index 360b9bfb..886ceee0 100644
--- a/src/main/cpp/domconfigurator.cpp
+++ b/src/main/cpp/domconfigurator.cpp
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
+#include <log4cxx/private/string_c11.h>
#include <log4cxx/logstring.h>
#include <log4cxx/xml/domconfigurator.h>
#include <log4cxx/appender.h>
@@ -56,6 +56,8 @@ using namespace log4cxx::spi;
using namespace log4cxx::config;
using namespace log4cxx::rolling;
+#define MAX_ATTRIBUTE_NAME_LEN 200
+
struct DOMConfigurator::DOMConfiguratorPrivate
{
helpers::Properties props;
@@ -63,7 +65,6 @@ struct DOMConfigurator::DOMConfiguratorPrivate
spi::LoggerFactoryPtr loggerFactory;
};
-
#if APR_HAS_THREADS
namespace log4cxx
{
@@ -1147,7 +1148,7 @@ LogString DOMConfigurator::getAttribute(
{
if (attrName == attr->name)
{
- ByteBuffer buf((char*) attr->value, strlen(attr->value));
+ ByteBuffer buf((char*) attr->value, strnlen_s(attr->value, MAX_ATTRIBUTE_NAME_LEN));
utf8Decoder->decode(buf, attrValue);
}
}
diff --git a/src/main/cpp/exception.cpp b/src/main/cpp/exception.cpp
index 7eeaf005..71c4b476 100644
--- a/src/main/cpp/exception.cpp
+++ b/src/main/cpp/exception.cpp
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
+#define __STDC_WANT_LIB_EXT1__ 1
#include <log4cxx/logstring.h>
#include <log4cxx/helpers/exception.h>
#include <string.h>
@@ -62,7 +62,8 @@ Exception::Exception(const Exception& src) : std::exception()
#if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
strcpy_s(msg, sizeof msg, src.msg);
#else
- strcpy(msg, src.msg);
+ strncpy(msg, src.msg, MSG_SIZE);
+ msg[MSG_SIZE] = 0;
#endif
}
@@ -71,7 +72,8 @@ Exception& Exception::operator=(const Exception& src)
#if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
strcpy_s(msg, sizeof msg, src.msg);
#else
- strcpy(msg, src.msg);
+ strncpy(msg, src.msg, MSG_SIZE);
+ msg[MSG_SIZE] = 0;
#endif
return *this;
}
diff --git a/src/main/cpp/smtpappender.cpp b/src/main/cpp/smtpappender.cpp
index e8ffcb48..b295c1cf 100644
--- a/src/main/cpp/smtpappender.cpp
+++ b/src/main/cpp/smtpappender.cpp
@@ -192,6 +192,7 @@ class SMTPMessage
const LogString msg, Pool& p)
{
message = smtp_add_message(session);
+ current_len = str.length();
body = current = toMessage(msg, p);
messagecbState = 0;
smtp_set_reverse_path(message, toAscii(from, p));
@@ -216,6 +217,7 @@ class SMTPMessage
smtp_message_t message;
const char* body;
const char* current;
+ size_t current_len;
int messagecbState;
void addRecipients(const LogString& addresses, const char* field, Pool& p)
{
@@ -333,7 +335,7 @@ class SMTPMessage
if (pThis->current)
{
- *len = strlen(pThis->current);
+ *len = strnlen_s(pThis->current, pThis->current_len);
}
retval = pThis->current;
diff --git a/src/main/include/log4cxx/private/string_c11.h b/src/main/include/log4cxx/private/string_c11.h
new file mode 100644
index 00000000..5113db5a
--- /dev/null
+++ b/src/main/include/log4cxx/private/string_c11.h
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef LOG4CXX_STRING_C11_H
+#define LOG4CXX_STRING_C11_H
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <string.h>
+#include <stdint.h> // RSIZE_MAX
+
+#if !defined(__STDC_LIB_EXT1__) && !defined(__STDC_SECURE_LIB__)
+static size_t strnlen_s( const char *str, size_t strsz )
+{
+ size_t result = 0;
+ if (!str)
+ ;
+ else while (*str++ != 0 && result < strsz)
+ ++result;
+ return result;
+}
+static int strcat_s(char* destArg, size_t destsz, const char* src)
+{
+ if (!src || !destArg || RSIZE_MAX < destsz)
+ return -1;
+ char* dest = destArg;
+ size_t index = 0;
+ while (*dest && index < destsz)
+ ++index, ++dest;
+ while (*src && index < destsz)
+ {
+ *dest++ = *src++;
+ ++index;
+ }
+ if (*src)
+ {
+ *destArg = 0;
+ return -2;
+ }
+ return 0;
+}
+#endif
+
+#endif /* LOG4CXX_STRING_C11_H */
diff --git a/src/test/cpp/helpers/charsetdecodertestcase.cpp b/src/test/cpp/helpers/charsetdecodertestcase.cpp
index 0493ba2e..9fc58a14 100644
--- a/src/test/cpp/helpers/charsetdecodertestcase.cpp
+++ b/src/test/cpp/helpers/charsetdecodertestcase.cpp
@@ -15,6 +15,7 @@
* limitations under the License.
*/
+#include <log4cxx/private/string_c11.h>
#include <log4cxx/helpers/charsetdecoder.h>
#include "../logunit.h"
#include "../insertwide.h"
@@ -63,11 +64,7 @@ public:
char buf[BUFSIZE + 6];
memset(buf, 'A', BUFSIZE);
buf[BUFSIZE - 3] = 0;
-#if defined(__STDC_LIB_EXT1__) || defined(__STDC_SECURE_LIB__)
strcat_s(buf, sizeof buf, "Hello");
-#else
- strcat(buf, "Hello");
-#endif
ByteBuffer src(buf, strlen(buf));
CharsetDecoderPtr dec(CharsetDecoder::getDefaultDecoder());