From eb079ab441cd4822b1fe30ed95aacb2f787d4bcf Mon Sep 17 00:00:00 2001
From: Arnaud Giersch <arnaud.giersch@univ-fcomte.fr>
Date: Sat, 9 Sep 2017 00:09:45 +0200
Subject: [PATCH] Fix potential buffer overflows.

---
 src/xbt/cunit.cpp          | 20 ++++++++++----------
 tools/sg_unit_extractor.pl | 14 ++++++--------
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/xbt/cunit.cpp b/src/xbt/cunit.cpp
index 1bf81768e8..9da7c7ea5f 100644
--- a/src/xbt/cunit.cpp
+++ b/src/xbt/cunit.cpp
@@ -16,6 +16,8 @@
 #include "xbt/cunit.h"
 #include "xbt/dynar.h"
 
+#define STRLEN 1024
+
 /* collection of all suites */
 static xbt_dynar_t _xbt_test_suites = nullptr;
 /* global statistics */
@@ -454,15 +456,15 @@ static void apply_selection(char *selection)
   /* for the parsing */
   char *sel = selection;
   int done = 0;
-  char dir[1024];               /* the directive */
+  char dir[STRLEN]; /* the directive */
   /* iterators */
   unsigned int it_suite;
   xbt_test_suite_t suite;
   xbt_test_unit_t unit;
   unsigned int it_unit;
 
-  char suitename[512];
-  char unitname[512];
+  char suitename[STRLEN];
+  char unitname[STRLEN];
 
   if (not selection || selection[0] == '\0')
     return;
@@ -475,11 +477,10 @@ static void apply_selection(char *selection)
 
     char *p = strchr(sel, ',');
     if (p) {
-      strncpy(dir, sel, p - sel);
-      dir[p - sel] = '\0';
+      snprintf(dir, STRLEN, "%.*s", (int)(p - sel), sel);
       sel = p + 1;
     } else {
-      strncpy(dir, sel,1024);
+      snprintf(dir, STRLEN, "%s", sel);
       done = 1;
     }
 
@@ -494,11 +495,10 @@ static void apply_selection(char *selection)
 
     p = strchr(dir, ':');
     if (p) {
-      strncpy(unitname, p + 1,512);
-      strncpy(suitename, dir, p - dir);
-      suitename[p - dir] = '\0';
+      snprintf(suitename, STRLEN, "%.*s", (int)(p - dir), dir);
+      snprintf(unitname, STRLEN, "%s", p + 1);
     } else {
-      strncpy(suitename, dir,512);
+      snprintf(suitename, STRLEN, "%s", dir);
       unitname[0] = '\0';
     }
 
diff --git a/tools/sg_unit_extractor.pl b/tools/sg_unit_extractor.pl
index e626e3d096..8b2083fffc 100755
--- a/tools/sg_unit_extractor.pl
+++ b/tools/sg_unit_extractor.pl
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 
-# Copyright (c) 2005-2012, 2014. The SimGrid Team. All rights reserved.
+# Copyright (c) 2005-2012, 2014-2017. The SimGrid Team. All rights reserved.
 
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the license (GNU LGPL) which comes with this package.
@@ -126,6 +126,7 @@ sub process_one($) {
 	print OUT "#include <stdio.h>\n\n";
 	print OUT "#include \"xbt.h\"\n\n";
 	print OUT "extern xbt_test_unit_t _xbt_current_unit;\n\n";
+	print OUT "#define STRLEN 1024\n";
 	print OUT "/* SGU: BEGIN PROTOTYPES */\n";
 	print OUT "/* SGU: END PROTOTYPES */\n\n";
 	print OUT $GENERATED;
@@ -133,7 +134,7 @@ sub process_one($) {
 	print OUT <<EOF;
 int main(int argc, char *argv[]) {
   xbt_test_suite_t suite; 
-  char selection[1024];
+  char selection[STRLEN];
   int verbosity = 0;
   int i;
   int res;
@@ -148,12 +149,9 @@ int main(int argc, char *argv[]) {
     for (i=1;i<argc;i++) {
       if (!strncmp(argv[i],\"--tests=\",strlen(\"--tests=\"))) {
         char *p=strchr(argv[i],'=')+1;
-        if (selection[0] == '\\0') {
-          strncpy(selection,p,1024);
-        } else {
-          strncat(selection, \",\",1);
-          strncat(selection, p, 1023);
-        }
+        if (selection[0] != '\\0')
+          strncat(selection, \",\", STRLEN - 1 - strlen(selection));
+        strncat(selection, p, STRLEN - 1 - strlen(selection));
       } else if (!strcmp(argv[i], \"--verbose\")) {
         verbosity++;
       } else if (!strcmp(argv[i], \"--dump-only\")||
-- 
2.20.1