make checkers happier by reducing use of strcpy and strcat

doc/examples/tlsauthentication.c

@@ -124,6 +124,7 @@ ask_for_authentication (struct MHD_Connection *connection, const char *realm)
   int ret;
   struct MHD_Response *response;
   char *headervalue;
+  size_t slen;
   const char *strbase = "Basic realm=";
 
   response = MHD_create_response_from_buffer (0, NULL,
@@ -131,37 +132,44 @@ ask_for_authentication (struct MHD_Connection *connection, const char *realm)
   if (!response)
     return MHD_NO;
 
-  headervalue = malloc (strlen (strbase) + strlen (realm) + 1);
-  if (!headervalue)
+  slen = strlen (strbase) + strlen (realm) + 1;
+  if (NULL == (headervalue = malloc (slen)))
     return MHD_NO;
-
-  strcpy (headervalue, strbase);
-  strcat (headervalue, realm);
-
-  ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue);
+  snprintf (headervalue,
+	    slen,
+	    "%s%s",
+	    strbase,
+	    realm);
+  ret = MHD_add_response_header (response,
+				 "WWW-Authenticate",
+				 headervalue);
   free (headervalue);
-  if (!ret)
+  if (! ret)
     {
       MHD_destroy_response (response);
       return MHD_NO;
     }
 
-  ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
-
+  ret = MHD_queue_response (connection,
+			    MHD_HTTP_UNAUTHORIZED,
+			    response);
   MHD_destroy_response (response);
-
   return ret;
 }
 
+
 static int
 is_authenticated (struct MHD_Connection *connection,
-                  const char *username, const char *password)
+                  const char *username,
+		  const char *password)
 {
   const char *headervalue;
-  char *expected_b64, *expected;
+  char *expected_b64;
+  char *expected;
   const char *strbase = "Basic ";
   int authenticated;
-
+  size_t slen;
+  
   headervalue =
     MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
                                  "Authorization");
@@ -170,14 +178,14 @@ is_authenticated (struct MHD_Connection *connection,
   if (0 != strncmp (headervalue, strbase, strlen (strbase)))
     return 0;
 
-  expected = malloc (strlen (username) + 1 + strlen (password) + 1);
-  if (NULL == expected)
+  slen = strlen (username) + 1 + strlen (password) + 1;
+  if (NULL == (expected = malloc (slen)))
     return 0;
-
-  strcpy (expected, username);
-  strcat (expected, ":");
-  strcat (expected, password);
-
+  snprintf (expected,
+	    slen,
+	    "%s:%s",
+	    username,
+	    password);
   expected_b64 = string_to_base64 (expected);
   free (expected);
   if (NULL == expected_b64)
@@ -185,9 +193,7 @@ is_authenticated (struct MHD_Connection *connection,
 
   authenticated =
     (strcmp (headervalue + strlen (strbase), expected_b64) == 0);
-
   free (expected_b64);
-
   return authenticated;
 }
 

src/lib/connection_call_handlers.c

@@ -1233,6 +1233,7 @@ build_header_response (struct MHD_Request *request)
   struct MHD_HTTP_Header *pos;
   char code[256];
   char date[128];
+  size_t datelen;
   char content_length_buf[128];
   size_t content_length_len;
   char *data;
@@ -1290,7 +1291,8 @@ build_header_response (struct MHD_Request *request)
 			 sizeof (date));
       else
         date[0] = '\0';
-      size += strlen (date);
+      datelen = strlen (date);
+      size += datelen;
     }
   else
     {
@@ -1298,6 +1300,7 @@ build_header_response (struct MHD_Request *request)
       size = 2;
       kind = MHD_FOOTER_KIND;
       off = 0;
+      datelen = 0;
     }
 
   /* calculate extra headers we need to add, such as 'Connection: close',
@@ -1548,9 +1551,10 @@ build_header_response (struct MHD_Request *request)
     }
   if (MHD_REQUEST_FOOTERS_RECEIVED == request->state)
     {
-      strcpy (&data[off],
-              date);
-      off += strlen (date);
+      memcpy (&data[off],
+              date,
+	      datelen);
+      off += datelen;
     }
   memcpy (&data[off],
           "\r\n",

src/microhttpd/connection.c

@@ -1407,6 +1407,7 @@ build_header_response (struct MHD_Connection *connection)
   struct MHD_HTTP_Header *pos;
   char code[256];
   char date[128];
+  size_t datelen;
   char content_length_buf[128];
   size_t content_length_len;
   char *data;
@@ -1461,7 +1462,8 @@ build_header_response (struct MHD_Connection *connection)
 			 sizeof (date));
       else
         date[0] = '\0';
-      size += strlen (date);
+      datelen = strlen (date);
+      size += datelen;
     }
   else
     {
@@ -1469,6 +1471,7 @@ build_header_response (struct MHD_Connection *connection)
       size = 2;
       kind = MHD_FOOTER_KIND;
       off = 0;
+      datelen = 0;
     }
 
   /* calculate extra headers we need to add, such as 'Connection: close',
@@ -1713,9 +1716,10 @@ build_header_response (struct MHD_Connection *connection)
     }
   if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state)
     {
-      strcpy (&data[off],
-              date);
-      off += strlen (date);
+      memcpy (&data[off],
+              date,
+	      datelen);
+      off += datelen;
     }
   memcpy (&data[off],
           "\r\n",

src/microhttpd/digestauth.c

@@ -385,8 +385,10 @@ check_nonce_nc (struct MHD_Connection *connection,
   uint32_t off;
   uint32_t mod;
   const char *np;
+  size_t noncelen;
 
-  if (MAX_NONCE_LENGTH <= strlen (nonce))
+  noncelen = strlen (nonce) + 1;
+  if (MAX_NONCE_LENGTH < noncelen)
     return MHD_NO; /* This should be impossible, but static analysis
                       tools have a hard time with it *and* this also
                       protects against unsafe modifications that may
@@ -413,8 +415,9 @@ check_nonce_nc (struct MHD_Connection *connection,
   if (0 == nc)
     {
       /* Fresh nonce, reinitialize array */
-      strcpy (nn->nonce,
-	      nonce);
+      memcpy (nn->nonce,
+	      nonce,
+	      noncelen);
       nn->nc = 0;
       nn->nmask = 0;
       MHD_mutex_unlock_chk_ (&daemon->nnc_lock);