fix: Replace strncpy with strlcpy for robustness (#1533)

Author: Skyaero42

Core/Libraries/Source/WWVegas/WW3D2/collect.cpp

@@ -1015,7 +1015,7 @@ WW3DErrorType CollectionDefClass::Load(ChunkLoadClass & cload)
 	if (cload.Read(&header,sizeof(header)) != sizeof(header)) goto Error;
 	if (!cload.Close_Chunk()) goto Error;
 
-	strncpy(Name,header.Name,W3D_NAME_LEN);
+	strlcpy(Name,header.Name,W3D_NAME_LEN);
 	ObjectNames.Resize(header.RenderObjectCount);
 
 	while (cload.Open_Chunk()) {

Core/Libraries/Source/WWVegas/WW3D2/hcanim.cpp

@@ -264,7 +264,7 @@ int HCompressedAnimClass::Load_W3D(ChunkLoadClass & cload)
    WWASSERT(HierarchyName != NULL);
    WWASSERT(aheader.HierarchyName != NULL);
    WWASSERT(sizeof(HierarchyName) >= W3D_NAME_LEN);
-   strncpy(HierarchyName,aheader.HierarchyName,W3D_NAME_LEN);
+   strlcpy(HierarchyName,aheader.HierarchyName,W3D_NAME_LEN);
 
 	HTreeClass * base_pose = WW3DAssetManager::Get_Instance()->Get_HTree(HierarchyName);
 	if (base_pose == NULL) {

Core/Libraries/Source/WWVegas/WW3D2/hmdldef.cpp

@@ -149,10 +149,8 @@ int HModelDefClass::Load_W3D(ChunkLoadClass & cload)
 	/*
 	** process the header info
 	*/
-	strncpy(ModelName,header.Name,W3D_NAME_LEN);
-	ModelName[W3D_NAME_LEN - 1] = 0;
-	strncpy(BasePoseName,header.HierarchyName,W3D_NAME_LEN);
-	BasePoseName[W3D_NAME_LEN-1] = 0;
+	strlcpy(ModelName,header.Name,W3D_NAME_LEN);
+	strlcpy(BasePoseName,header.HierarchyName,W3D_NAME_LEN);
 	strcpy(Name,ModelName);
 
 	/*

Core/Libraries/Source/WWVegas/WW3D2/w3d_dep.cpp

@@ -532,9 +532,9 @@ static void Get_W3D_Name (const char *filename, char *w3d_name)
 
 	// Copy all characters from start to end (excluding 'end')
 	// into the w3d_name buffer. Then capitalize the string.
-	memset(w3d_name, 0, W3D_NAME_LEN);	// blank out the buffer
 	int num_chars = end - start;
-	strncpy(w3d_name, start, num_chars < W3D_NAME_LEN ? num_chars : W3D_NAME_LEN-1);
+	WWASSERT(num_chars <= W3D_NAME_LEN);
+	strlcpy(w3d_name, start, min(W3D_NAME_LEN, num_chars));
 	strupr(w3d_name);
 }
 

Core/Libraries/Source/WWVegas/WWDownload/Download.cpp

@@ -19,6 +19,7 @@
 // Download.cpp : Implementation of CDownload
 #include "DownloadDebug.h"
 #include "Download.h"
+#include "stringex.h"
 #include <mmsystem.h>
 #include <assert.h>
 #include <direct.h>
@@ -69,15 +70,15 @@ HRESULT CDownload::DownloadFile(LPCSTR server, LPCSTR username, LPCSTR password,
 	_mkdir("download");
 
 	// Copy parameters to member variables.
-	strncpy( m_Server, server, sizeof( m_Server ) );
-	strncpy( m_Login, username, sizeof( m_Login ) );
-	strncpy( m_Password, password, sizeof( m_Password ) );
-	strncpy( m_File, file, sizeof( m_File ) );
-	strncpy( m_LocalFile, localfile, sizeof( m_LocalFile ) );
+	strlcpy( m_Server, server, sizeof( m_Server ) );
+	strlcpy( m_Login, username, sizeof( m_Login ) );
+	strlcpy( m_Password, password, sizeof( m_Password ) );
+	strlcpy( m_File, file, sizeof( m_File ) );
+	strlcpy( m_LocalFile, localfile, sizeof( m_LocalFile ) );
 
-	strncpy( m_LastLocalFile, localfile, sizeof( m_LastLocalFile ) );
+	strlcpy( m_LastLocalFile, localfile, sizeof( m_LastLocalFile ) );
 
-	strncpy( m_RegKey, regkey, sizeof( m_RegKey ) );
+	strlcpy( m_RegKey, regkey, sizeof( m_RegKey ) );
 	m_TryResume = tryresume;
 	m_StartPosition=0;
 
@@ -113,8 +114,7 @@ HRESULT CDownload::GetLastLocalFile(char *local_file, int maxlen) {
 	if (local_file==0)
 		return(E_FAIL);
 
-	strncpy(local_file, m_LastLocalFile, maxlen);
-	local_file[maxlen-1]=0;
+	strlcpy(local_file, m_LastLocalFile, maxlen);
 
 	return(S_OK);
 }

Core/Libraries/Source/WWVegas/WWDownload/FTP.CPP

@@ -38,6 +38,7 @@
 #include <errno.h>
 //#include "wlib/wstring.h"
 
+#include "stringex.h"
 #include "DownloadDebug.h"
 
 // umm... what?? BGC 3/27/03
@@ -324,7 +325,7 @@ HRESULT  Cftp::ConnectToServer(LPCSTR szServerName)
 	char                buffer[ 256 ];
 	int                 iReply, error;
 
-	strncpy( m_szServerName, szServerName, 128 );
+	strlcpy( m_szServerName, szServerName, sizeof(m_szServerName));
 
 	if( m_iStatus == FTPSTAT_INIT )
 	{
@@ -487,8 +488,8 @@ HRESULT  Cftp::LoginToServer( LPCSTR szUserName, LPCSTR szPassword )
 	char command[ 256 ];
 	int iReply;
 
-	strncpy( m_szUserName, szUserName, 128 );
-	strncpy( m_szPassword, szPassword, 128 );
+	strlcpy( m_szUserName, szUserName, sizeof(m_szUserName));
+	strlcpy( m_szPassword, szPassword, sizeof(m_szPassword));
 
 	memset( command, 0, 256 );
 
@@ -1396,7 +1397,7 @@ HRESULT  Cftp::GetNextFileBlock( LPCSTR szLocalFileName, int * piTotalRead )
 
 	//char str[ 256 ];
 
-	strncpy( m_szLocalFileName, szLocalFileName, 256 );
+	strlcpy( m_szLocalFileName, szLocalFileName, sizeof(m_szLocalFileName));
 
 	// Open local file
 
@@ -1830,8 +1831,7 @@ bool Prepare_Directories(const char *rootdir, const char *filename)
 	const char *cptr=filename;
 	while(cptr=strchr(cptr,'\\'))
 	{
-		memset(tempstr,0,256);
-		strncpy(tempstr,filename,cptr-filename);
+		strlcpy(tempstr,filename,cptr-filename + 1);
 		sprintf(newdir,"%s\\%s",rootdir, tempstr);
 		if (!CreateDirectory(newdir, NULL))
 			return false;

Core/Libraries/Source/WWVegas/WWLib/TARGA.CPP

@@ -713,7 +713,7 @@ long Targa::Save(const char* name, long flags, bool addextension)
 			if (!error) {
 
 				mExtension.ExtSize = 495;
-				strncpy(mExtension.SoftID, "Denzil's Targa Code", 41);
+				strlcpy(mExtension.SoftID, "Denzil's Targa Code", sizeof(mExtension.SoftID));
 				mExtension.SoftVer.Number = (1 * 100);
 				mExtension.SoftVer.Letter = 0;
 
@@ -735,7 +735,7 @@ long Targa::Save(const char* name, long flags, bool addextension)
 		if (!error)
 			{
 			footer.Developer = 0;
-			strncpy(footer.Signature, TGA2_SIGNATURE, 16);
+			strlcpy(footer.Signature, TGA2_SIGNATURE, sizeof(footer.Signature));
 			footer.RsvdChar = '.';
 			footer.BZST = 0;
 

Core/Libraries/Source/WWVegas/WWLib/cpudetect.cpp

@@ -802,7 +802,7 @@ void CPUDetectClass::Init_Processor_String()
 			case INTEL_PROCESSOR_PENTIUM4:						str+="Pentium4"; break;
 			}
 		}
-		strncpy(ProcessorString,str.str(),sizeof(ProcessorString));
+		strlcpy(ProcessorString,str.str(),sizeof(ProcessorString));
 	}
 
 }

Core/Libraries/Source/WWVegas/WWLib/ini.cpp

@@ -1150,8 +1150,7 @@ bool INIClass::Put_TextBlock(char const * section, char const * text)
 
 		char buffer[128];
 
-		strncpy(buffer, text, 75);
-		buffer[75] = '\0';
+		strlcpy(buffer, text, 76);
 
 		char b[32];
 		sprintf(b, "%d", index);
@@ -1724,8 +1723,7 @@ int INIClass::Get_String(char const * section, char const * entry, char const *
 		buffer[0] = '\0';
 		return(0);
 	} else {
-		strncpy(buffer, defvalue, size);
-		buffer[size-1] = '\0';
+		strlcpy(buffer, defvalue, size);
 		strtrim(buffer);
 		return(strlen(buffer));
 	}

Core/Libraries/Source/debug/CMakeLists.txt

@@ -34,5 +34,6 @@ target_include_directories(core_debug INTERFACE
 
 target_link_libraries(core_debug PRIVATE
     core_config
+    core_wwcommon
     corei_always
 )