Improve memory safety in the DOS Drive Cache class

- Fix Bitu printf format type - Check a pointer prior to dereferencing it - Prevent writing one-beyond the last index - Replace strcpy with with helper safe_strcpy, provided by @dreamer - thank you! - Replace strcat with strncat - Add constructor intializers for scalars and arrays - Initialize and replace 0-value pointers with nullptr - Pass in the buffer length when strncpy'ing into a function variable
2019-12-05 23:24:15 -08:00 · 2019-12-05 23:24:15 -08:00 · cff6b05559
commit cff6b05559
parent 88cdd8d3a0
4 changed files with 200 additions and 115 deletions
--- a/include/dos_system.h
+++ b/include/dos_system.h
@ -130,6 +130,8 @@ public:
 	void Flush(void);
 	FILE * fhandle; //todo handle this properly
 private:
+	localFile(const localFile&); // prevent copying
+	localFile& operator= (const localFile&); // prevent assignment
 	bool read_only_medium;
 	enum { NONE,READ,WRITE } last_action;
 };
@ -172,11 +174,17 @@ public:

 	class CFileInfo {
 	public:
-		CFileInfo(void) {
-			orgname[0] = shortname[0] = 0;
-			isOverlayDir = isDir = false;
-			id = MAX_OPENDIRS;
-			nextEntry = shortNr = 0;
+		CFileInfo(void)
+			: orgname{0},
+			  shortname{0},
+			  isOverlayDir(false),
+			  isDir(false),
+			  id(MAX_OPENDIRS),
+			  nextEntry(0),
+			  shortNr(0),
+			  fileList(0),
+			  longNameList(0)
+		{
 		}
 		~CFileInfo(void) {
 			for (Bit32u i=0; i<fileList.size(); i++) delete fileList[i];
@ -196,11 +204,13 @@ public:
 	};

 private:
+	DOS_Drive_Cache(const DOS_Drive_Cache&); // prevent copying
+	DOS_Drive_Cache& operator= (const DOS_Drive_Cache&); // prevent assignment
 	void ClearFileInfo(CFileInfo *dir);
 	void DeleteFileInfo(CFileInfo *dir);

 	bool		RemoveTrailingDot	(char* shortname);
-	Bits		GetLongName		(CFileInfo* info, char* shortname);
+	Bits		GetLongName		(CFileInfo* info, char* shortname, const size_t shortname_len);
 	void		CreateShortName		(CFileInfo* dir, CFileInfo* info);
 	Bitu		CreateShortNameID	(CFileInfo* dir, const char* name);
 	int		CompareShortname	(const char* compareName, const char* shortName);
--- a/include/support.h
+++ b/include/support.h
@ -21,9 +21,10 @@
 #define DOSBOX_SUPPORT_H

 #include <algorithm>
+#include <cstdio>
+#include <ctype.h>
 #include <string.h>
 #include <string>
-#include <ctype.h>
 #ifndef DOSBOX_DOSBOX_H
 #include "dosbox.h"
 #endif
@ -33,6 +34,27 @@
 #define strncasecmp(a,b,n) _strnicmp(a,b,n)
 #endif

+/// Copy a string into C array
+///
+/// This function copies string pointed by src to fixed-size buffer dst.
+/// At most N bytes from src are copied, where N is size of dst.
+/// If exactly N bytes are copied, then terminating null byte is put
+/// into buffer, thus buffer overrun is prevented.
+///
+/// Function returns pointer to buffer to be compatible with std::strcpy.
+///
+/// Usage:
+///
+///     char buffer[2];
+///     safe_strcpy(buffer, "abc");
+///     // buffer is filled with "a"
+
+template<size_t N>
+char * safe_strcpy(char (& dst)[N], const char * src) noexcept {
+    snprintf(dst, N, "%s", src);
+    return & dst[0];
+}
+
 #define safe_strncpy(a,b,n) do { strncpy((a),(b),(n)-1); (a)[(n)-1] = 0; } while (0)

 #ifdef HAVE_STRINGS_H