[master] cleanup strcat/strcpy

4722. [cleanup] Clean up uses of strcpy() and strcat() in favor of strlcpy() and strlcat() for safety. [RT #45981] (cherry picked from commit 114f95089c) (cherry picked from commit 7cd594b842) (cherry picked from commit e0ddfb109e)
2026-06-09 19:19:59 -04:00 · 2017-09-13 00:20:09 -07:00 · 2017-09-13 00:20:09 -07:00 · f07825440f
commit f07825440f
parent 646280bc74
39 changed files with 171 additions and 143 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+4722.	[cleanup]	Clean up uses of strcpy() and strcat() in favor of
+			strlcpy() and strlcat() for safety. [RT #45981]
+
 4719.	[bug]		Address PVS static analyzer warnings. [RT #45946]

 4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@ -211,8 +211,9 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@ -400,8 +401,9 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@ -485,8 +487,9 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));

 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@ -1879,7 +1879,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		lookup->trace_root = ISC_TF(lookup->trace ||
 					    lookup->ns_search_only);
 		lookup->new_search = ISC_TRUE;
-		strcpy(lookup->textname, ".");
+		strlcpy(lookup->textname, ".", sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ns;
 		lookup->rdtypeset = ISC_TRUE;
 		if (firstarg) {
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@ -1893,7 +1893,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
 				      namestr, isc_result_totext(lresult));
 				if (addresses_result == ISC_R_SUCCESS) {
 					addresses_result = lresult;
-					strcpy(bad_namestr, namestr);
+					strlcpy(bad_namestr, namestr,
+						sizeof(bad_namestr));
 				}
 			}
 			numLookups += num;
@ -3771,7 +3772,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		if (resultp == NULL)
 			fatal("couldn't get address for '%s': %s",
 			      host, isc_result_totext(result));
-		return 0;
+		return (0);
 	}

 	for (i = 0; i < count; i++) {
@ -3781,7 +3782,7 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
 		ISC_LIST_APPEND(lookup->my_server_list, srv, link);
 	}

-	return count;
+	return (count);
 }

 /*%
@ -4054,7 +4055,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org,
 	 */
 	if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success)
 		return (ISC_R_SUCCESS);
-	strcpy(tmp1, tmp2);
+	strlcpy(tmp1, tmp2, MAXDLEN);

 	/*
 	 * Copy the converted contents in 'tmp1' back to 'buffer'.
@ -4081,17 +4082,17 @@ append_textname(char *name, const char *origin, size_t namesize) {

 	/* Already absolute? */
 	if (namelen > 0 && name[namelen - 1] == '.')
-		return idn_success;
+		return (idn_success);

 	/* Append dot and origin */

 	if (namelen + 1 + originlen >= namesize)
-		return idn_buffer_overflow;
+		return (idn_buffer_overflow);

 	if (*origin != '.')
 		name[namelen++] = '.';
-	(void)strcpy(name + namelen, origin);
-	return idn_success;
+	(void)strlcpy(name + namelen, origin, namesize - namelen);
+	return (idn_success);
 }

 static void
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@ -2782,8 +2782,8 @@ writeset(const char *prefix, dns_rdatatype_t type) {
 		sprintf(filename, "%s/", dsdir);
 	else
 		filename[0] = 0;
-	strcat(filename, prefix);
-	strcat(filename, namestr);
+	strlcat(filename, prefix, filenamelen);
+	strlcat(filename, namestr, filenamelen);

 	dns_diff_init(mctx, &diff);

--- a/bin/named/client.c
+++ b/bin/named/client.c
@ -2963,8 +2963,8 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
 			dns_rdataclass_format(rdataset->rdclass, classbuf,
 					      sizeof(classbuf));
 		} else {
-			strcpy(typebuf, "-");
-			strcpy(classbuf, "-");
+			strlcpy(typebuf, "-", sizeof(typebuf));
+			strlcpy(classbuf, "-", sizeof(classbuf));
 		}
 		UNLOCK(&client->query.fetchlock);
 		fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
--- a/bin/named/main.c
+++ b/bin/named/main.c
@ -1089,11 +1089,11 @@ ns_main_setmemstats(const char *filename) {
 		free(memstats);
 		memstats = NULL;
 	}
+
 	if (filename == NULL)
 		return;
-	memstats = malloc(strlen(filename) + 1);
-	if (memstats)
-		strcpy(memstats, filename);
+
+	memstats = strdup(filename);
 }

 #ifdef HAVE_LIBSCF
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -1581,7 +1581,8 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
 			(s6[prefixlen/8] >> 4) & 0xf);
 		cp += 4;
 	}
-	strcat(cp, "ip6.arpa.");
+
+	strlcat(reverse, "ip6.arpa.", sizeof(reverse));

 	/*
 	 * Create the actual zone.
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@ -979,7 +979,7 @@ getuname(void) {

 	memset(&uts, 0, sizeof(uts));
 	if (uname(&uts) < 0) {
-		strcpy(unamebuf, "unknown architecture");
+		snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 		return;
 	}

@ -987,7 +987,7 @@ getuname(void) {
 		 "%s %s %s %s",
 		 uts.sysname, uts.machine, uts.release, uts.version);
 #else
-	strcpy(unamebuf, "unknown architecture");
+	snprintf(unamebuf, sizeof(unamebuf), "unknown architecture");
 #endif
 	unamep = unamebuf;
 }
--- a/bin/tests/db_test.c
+++ b/bin/tests/db_test.c
@ -383,9 +383,7 @@ main(int argc, char *argv[]) {
 	RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) ==
 		      ISC_R_SUCCESS);

-
-
-	strcpy(dbtype, "rbt");
+	snprintf(dbtype, sizeof(dbtype), "rbt");
 	while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT"))
 	       != -1) {
 		switch (ch) {
--- a/bin/tests/hash_test.c
+++ b/bin/tests/hash_test.c
@ -112,7 +112,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacmd5", digest, 4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacmd5_init(&hmacmd5, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
@ -143,7 +143,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha1_init(&hmacsha1, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
@ -174,7 +174,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha224_init(&hmacsha224, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
@ -205,7 +205,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha256_init(&hmacsha256, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
@ -236,7 +236,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha384_init(&hmacsha384, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
@ -267,7 +267,7 @@ main(int argc, char **argv) {
 	print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);

 	s = "what do ya want for nothing?";
-	strcpy((char *)key, "Jefe");
+	strlcpy((char *)key, "Jefe", sizeof(key));
 	isc_hmacsha512_init(&hmacsha512, key, 4);
 	memmove(buffer, s, strlen(s));
 	isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
--- a/bin/tests/shutdown_test.c
+++ b/bin/tests/shutdown_test.c
@ -145,9 +145,10 @@ new_task(isc_mem_t *mctx, const char *name) {
 	ti->ticks = 0;
 	if (name != NULL) {
 		INSIST(strlen(name) < sizeof(ti->name));
-		strcpy(ti->name, name);
-	} else
-		sprintf(ti->name, "%d", task_count);
+		strlcpy(ti->name, name, sizeof(ti->name));
+	} else {
+		snprintf(ti->name, sizeof(ti->name), "%d", task_count);
+	}
 	RUNTIME_CHECK(isc_task_create(task_manager, 0, &ti->task) ==
 		      ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_task_onshutdown(ti->task, shutdown_action, ti) ==
--- a/bin/tests/sock_test.c
+++ b/bin/tests/sock_test.c
@ -182,14 +182,16 @@ my_connect(isc_task_t *task, isc_event_t *event) {
 	 * Send a GET string, and set up to receive (and just display)
 	 * the result.
 	 */
-	strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
-	       "Connection: Close\r\n\r\n");
+	snprintf(buf, sizeof(buf),
+		 "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
+		 "Connection: Close\r\n\r\n");
 	region.base = isc_mem_get(mctx, strlen(buf) + 1);
 	if (region.base != NULL) {
 		region.length = strlen(buf) + 1;
 		strcpy((char *)region.base, buf);  /* This strcpy is safe. */
-	} else
+	} else {
 		region.length = 0;
+	}

 	isc_socket_send(sock, &region, task, my_http_get, event->ev_arg);

--- a/bin/tests/system/dlzexternal/driver.c
+++ b/bin/tests/system/dlzexternal/driver.c
@ -239,6 +239,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	va_list ap;
 	char soa_data[200];
 	isc_result_t result;
+	size_t znsize;
 	int n;

 	UNUSED(dlzname);
@ -263,15 +264,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
 	}

 	/* Ensure zone name is absolute */
-	state->zone_name = malloc(strlen(argv[1]) + 2);
+	znsize = strlen(argv[1]) + 2;
+	state->zone_name = malloc(znsize);
 	if (state->zone_name == NULL) {
 		free(state);
 		return (ISC_R_NOMEMORY);
 	}
-	if (argv[1][strlen(argv[1]) - 1] == '.')
-		strcpy(state->zone_name, argv[1]);
-	else
-		sprintf(state->zone_name, "%s.", argv[1]);
+	if (argv[1][strlen(argv[1]) - 1] == '.') {
+		strlcpy(state->zone_name, argv[1], znsize);
+	} else {
+		snprintf(state->zone_name, znsize, "%s.", argv[1]);
+	}

 	n = snprintf(soa_data, sizeof(soa_data),
 		     "%s hostmaster.%s 123 900 600 86400 3600",
@ -362,7 +365,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,

 	if (strcmp(name, "source-addr") == 0) {
 		char buf[100];
-		strcpy(buf, "unknown");
+		strlcpy(buf, "unknown", sizeof(buf));
 		if (methods != NULL &&
 		    methods->version - methods->age <=
 			 DNS_CLIENTINFOMETHODS_VERSION &&
--- a/lib/bind9/getaddresses.c
+++ b/lib/bind9/getaddresses.c
@ -15,8 +15,6 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */
-
 /*! \file */

 #include <config.h>
@ -28,6 +26,7 @@
 #include <isc/netscope.h>
 #include <isc/result.h>
 #include <isc/sockaddr.h>
+#include <isc/string.h>
 #include <isc/util.h>

 #include <bind9/getaddresses.h>
@ -90,7 +89,7 @@ bind9_getaddresses(const char *hostname, in_port_t port,
 		char tmpbuf[128], *d;
 		isc_uint32_t zone = 0;

-		strcpy(tmpbuf, hostname);
+		strlcpy(tmpbuf, hostname, sizeof(tmpbuf));
 		d = strchr(tmpbuf, '%');
 		if (d != NULL)
 			*d = '\0';
--- a/lib/dns/byaddr.c
+++ b/lib/dns/byaddr.c
@ -89,6 +89,8 @@ dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options,
 			       (bytes[1] & 0xff),
 			       (bytes[0] & 0xff));
 	} else if (address->family == AF_INET6) {
+		size_t remaining;
+
 		cp = textname;
 		for (i = 15; i >= 0; i--) {
 			*cp++ = hex_digits[bytes[i] & 0x0f];
@ -96,10 +98,12 @@ dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options,
 			*cp++ = hex_digits[(bytes[i] >> 4) & 0x0f];
 			*cp++ = '.';
 		}
-		if ((options & DNS_BYADDROPT_IPV6INT) != 0)
-			strcpy(cp, "ip6.int.");
-		else
-			strcpy(cp, "ip6.arpa.");
+		remaining = sizeof(textname) - (cp - textname);
+		if ((options & DNS_BYADDROPT_IPV6INT) != 0) {
+			strlcpy(cp, "ip6.int.", remaining);
+		} else {
+			strlcpy(cp, "ip6.arpa.", remaining);
+		}
 	} else
 		return (ISC_R_NOTIMPLEMENTED);

--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@ -548,7 +548,7 @@ main(int argc, char **argv) {
 	for (i = 0; i < TYPENAMES; i++)
 		memset(&typenames[i], 0, sizeof(typenames[i]));

-	strcpy(srcdir, "");
+	srcdir[0] = '\0';
 	while ((c = isc_commandline_parse(argc, argv, "cdits:F:P:S:")) != -1)
 		switch (c) {
 		case 'c':
@ -643,7 +643,8 @@ main(int argc, char **argv) {
 	} else
 		year[0] = 0;

-	if (!depend) fprintf(stdout, copyright, year);
+	if (!depend)
+		fprintf(stdout, copyright, year);

 	if (code) {
 		fputs("#ifndef DNS_CODE_H\n", stdout);
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@ -712,7 +712,7 @@ genname(char *name, int it, char *buffer, size_t length) {
 				continue;
 			}
 			nibblemode = ISC_FALSE;
-			strcpy(fmt, "%d");
+			strlcpy(fmt, "%d", sizeof(fmt));
 			/* Get format specifier. */
 			if (*name == '{' ) {
 				n = sscanf(name, "{%d,%u,%1[doxXnN]}",
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@ -1614,7 +1614,7 @@ dns_name_tofilenametext(dns_name_t *name, isc_boolean_t omit_final_dot,
 				} else {
 					if (trem < 3)
 						return (ISC_R_NOSPACE);
-					sprintf(tdata, "%%%02X", c);
+					snprintf(tdata, trem, "%%%02X", c);
 					tdata += 3;
 					trem -= 3;
 					ndata++;
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@ -1073,7 +1073,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) {
 			dns_name_format(&rbtdb->common.origin, buf,
 					sizeof(buf));
 		else
-			strcpy(buf, "<UNKNOWN>");
+			strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 		isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 			      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 			      "done free_rbtdb(%s)", buf);
@ -1173,11 +1173,12 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
 		RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
 		if (want_free) {
 			char buf[DNS_NAME_FORMATSIZE];
-			if (dns_name_dynamic(&rbtdb->common.origin))
+			if (dns_name_dynamic(&rbtdb->common.origin)) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
-			else
-				strcpy(buf, "<UNKNOWN>");
+			} else {
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
+			}
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 				      "calling free_rbtdb(%s)", buf);
@ -5547,7 +5548,7 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) {
 				dns_name_format(&rbtdb->common.origin, buf,
 						sizeof(buf));
 			else
-				strcpy(buf, "<UNKNOWN>");
+				strlcpy(buf, "<UNKNOWN>", sizeof(buf));
 			isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
 				      DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1),
 				      "calling free_rbtdb(%s)", buf);
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -3934,8 +3934,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 	 */
 	dns_name_format(name, buf, sizeof(buf));
 	dns_rdatatype_format(type, typebuf, sizeof(typebuf));
-	strcat(buf, "/");       /* checked */
-	strcat(buf, typebuf);   /* checked */
+	strlcat(buf, "/", sizeof(buf));
+	strlcat(buf, typebuf, sizeof(buf));
 	fctx->info = isc_mem_strdup(mctx, buf);
 	if (fctx->info == NULL) {
 		result = ISC_R_NOMEMORY;
--- a/lib/dns/tests/master_test.c
+++ b/lib/dns/tests/master_test.c
@ -90,7 +90,7 @@ test_master(const char *testfile, dns_masterformat_t format,
 	unsigned char		name_buf[BUFLEN];
 	dns_rdatacallbacks_t	callbacks;

-	strcpy(origin, TEST_ORIGIN);
+	strlcpy(origin, TEST_ORIGIN, sizeof(origin));
 	len = strlen(origin);
 	isc_buffer_init(&source, origin, len);
 	isc_buffer_add(&source, len);
@ -507,7 +507,7 @@ ATF_TC_BODY(dumpraw, tc) {

 	UNUSED(tc);

-	strcpy(myorigin, TEST_ORIGIN);
+	strlcpy(myorigin, TEST_ORIGIN, sizeof(myorigin));
 	len = strlen(myorigin);
 	isc_buffer_init(&source, myorigin, len);
 	isc_buffer_add(&source, len);
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@ -198,28 +198,31 @@ tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) {

 	if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE)
 		return;
-	if (key != NULL)
+	if (key != NULL) {
 		dns_name_format(&key->name, namestr, sizeof(namestr));
-	else
-		strcpy(namestr, "<null>");
+	} else {
+		strlcpy(namestr, "<null>", sizeof(namestr));
+	}

-	if (key != NULL && key->generated && key->creator)
+	if (key != NULL && key->generated && key->creator) {
 		dns_name_format(key->creator, creatorstr, sizeof(creatorstr));
-	else
-		strcpy(creatorstr, "<null>");
+	} else {
+		strlcpy(creatorstr, "<null>", sizeof(creatorstr));
+	}

 	va_start(ap, fmt);
 	vsnprintf(message, sizeof(message), fmt, ap);
 	va_end(ap);
-	if (key != NULL && key->generated)
+	if (key != NULL && key->generated) {
 		isc_log_write(dns_lctx,
 			      DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG,
 			      level, "tsig key '%s' (%s): %s",
 			      namestr, creatorstr, message);
-	else
+	} else {
 		isc_log_write(dns_lctx,
 			      DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG,
 			      level, "tsig key '%s': %s", namestr, message);
+	}
 }

 static void
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@ -1007,8 +1007,9 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
 	result = isc_socket_getsockname(xfr->socket, &sockaddr);
 	if (result == ISC_R_SUCCESS) {
 		isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext));
-	} else
-		strcpy(sourcetext, "<UNKNOWN>");
+	} else {
+		strlcpy(sourcetext, "<UNKNOWN>", sizeof(sourcetext));
+	}
 	xfrin_log(xfr, ISC_LOG_INFO, "connected using %s", sourcetext);

 	dns_tcpmsg_init(xfr->mctx, xfr->socket, &xfr->tcpmsg);
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -1305,7 +1305,7 @@ dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) {
 		tmp2 += (zone->db_argc + 1) * sizeof(char *);
 		for (i = 0; i < zone->db_argc; i++) {
 			*tmp++ = tmp2;
-			strcpy(tmp2, zone->db_argv[i]);
+			strlcpy(tmp2, zone->db_argv[i], size);
 			tmp2 += strlen(tmp2) + 1;
 		}
 		*tmp = NULL;
@ -1522,8 +1522,8 @@ default_journal(dns_zone_t *zone) {
 		journal = isc_mem_allocate(zone->mctx, len);
 		if (journal == NULL)
 			return (ISC_R_NOMEMORY);
-		strcpy(journal, zone->masterfile);
-		strcat(journal, ".jnl");
+		strlcpy(journal, zone->masterfile, len);
+		strlcat(journal, ".jnl", len);
 	} else {
 		journal = NULL;
 	}
@ -16258,7 +16258,7 @@ dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
 		}
 		salt[j] = '\0';
 	} else
-		strcpy(salt, "-");
+		strlcpy(salt, "-", sizeof(salt));
 	dns_zone_log(zone, ISC_LOG_NOTICE,
 		     "dns_zone_addnsec3chain(hash=%u, iterations=%u, salt=%s)",
 		     nsec3param->hash, nsec3param->iterations,
--- a/lib/irs/getnameinfo.c
+++ b/lib/irs/getnameinfo.c
@ -14,8 +14,6 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id$ */
-
 /*! \file */

 /*
@ -103,6 +101,7 @@
 #include <isc/netaddr.h>
 #include <isc/print.h>
 #include <isc/sockaddr.h>
+#include <isc/string.h>
 #include <isc/util.h>

 #include <dns/byaddr.h>
@ -213,11 +212,11 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen,
 		snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
 		if ((strlen(numserv) + 1) > servlen)
 			ERR(EAI_OVERFLOW);
-		strcpy(serv, numserv);
+		strlcpy(serv, numserv, servlen);
 	} else {
 		if ((strlen(sp->s_name) + 1) > servlen)
 			ERR(EAI_OVERFLOW);
-		strcpy(serv, sp->s_name);
+		strlcpy(serv, sp->s_name, servlen);
 	}

 #if 0
@ -274,7 +273,7 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen,
 #endif
 		if (strlen(numaddr) + 1 > hostlen)
 			ERR(EAI_OVERFLOW);
-		strcpy(host, numaddr);
+		strlcpy(host, numaddr, hostlen);
 	} else {
 		isc_netaddr_t netaddr;
 		dns_fixedname_t ptrfname;
@ -400,7 +399,7 @@ getnameinfo(const struct sockaddr *sa, IRS_GETNAMEINFO_SOCKLEN_T salen,
 				ERR(EAI_SYSTEM);
 			if ((strlen(numaddr) + 1) > hostlen)
 				ERR(EAI_OVERFLOW);
-			strcpy(host, numaddr);
+			strlcpy(host, numaddr, hostlen);
 		}
 	}
 	result = SUCCESS;
--- a/lib/isc/include/isc/file.h
+++ b/lib/isc/include/isc/file.h
@ -258,7 +258,6 @@ isc_file_progname(const char *filename, char *buf, size_t buflen);
 * \brief Given an operating system specific file name "filename"
 * referring to a program, return the canonical program name.
 *
- *
 * Any directory prefix or executable file name extension (if
 * used on the OS in case) is stripped.  On systems where program
 * names are case insensitive, the name is canonicalized to all
--- a/lib/isc/inet_ntop.c
+++ b/lib/isc/inet_ntop.c
@ -95,7 +95,7 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size)
 		errno = ENOSPC;
 		return (NULL);
 	}
-	strcpy(dst, tmp);
+	strlcpy(dst, tmp, size);

 	return (dst);
 }
@ -193,7 +193,7 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size)
 		errno = ENOSPC;
 		return (NULL);
 	}
-	strcpy(dst, tmp);
+	strlcpy(dst, tmp, size);
 	return (dst);
 }
 #endif /* AF_INET6 */
--- a/lib/isc/netaddr.c
+++ b/lib/isc/netaddr.c
@ -306,7 +306,7 @@ isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) {

 	memset(netaddr, 0, sizeof(*netaddr));
 	netaddr->family = AF_UNIX;
-	strcpy(netaddr->type.un, path);
+	strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un));
 	netaddr->zone = 0;
 	return (ISC_R_SUCCESS);
 #else
--- a/lib/isc/sockaddr.c
+++ b/lib/isc/sockaddr.c
@ -502,7 +502,8 @@ isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) {
 	sockaddr->type.sunix.sun_len =
 			(unsigned char)sizeof(sockaddr->type.sunix);
 #endif
-	strcpy(sockaddr->type.sunix.sun_path, path);
+	strlcpy(sockaddr->type.sunix.sun_path, path,
+		sizeof(sockaddr->type.sunix.sun_path));
 	return (ISC_R_SUCCESS);
 #else
 	UNUSED(sockaddr);
--- a/lib/isc/tests/hash_test.c
+++ b/lib/isc/tests/hash_test.c
@ -57,16 +57,16 @@ tohexstr(unsigned char *d, unsigned int len, char *out);

 isc_result_t
 tohexstr(unsigned char *d, unsigned int len, char *out) {
-
-	out[0]='\0';
 	char c_ret[] = "AA";
 	unsigned int i;
-	strcat(out, "0x");
+	int size = len * 2 + 1;
+
+	out[0] = '\0';
+	strlcat(out, "0x", size);
 	for (i = 0; i < len; i++) {
-		sprintf(c_ret, "%02X", d[i]);
-		strcat(out, c_ret);
+		snprintf(c_ret, sizeof(c_ret), "%02X", d[i]);
+		strlcat(out, c_ret, size);
 	}
-	strcat(out, "\0");
 	return (ISC_R_SUCCESS);
 }

--- a/lib/isc/tests/socket_test.c
+++ b/lib/isc/tests/socket_test.c
@ -116,7 +116,7 @@ ATF_TC_BODY(udp_sendto, tc) {
 	result = isc_task_create(taskmgr, 0, &task);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

-	strcpy(sendbuf, "Hello");
+	snprintf(sendbuf, sizeof(sendbuf), "Hello");
 	r.base = (void *) sendbuf;
 	r.length = strlen(sendbuf) + 1;

@ -190,7 +190,7 @@ ATF_TC_BODY(udp_dup, tc) {
 	result = isc_task_create(taskmgr, 0, &task);
 	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);

-	strcpy(sendbuf, "Hello");
+	snprintf(sendbuf, sizeof(sendbuf), "Hello");
 	r.base = (void *) sendbuf;
 	r.length = strlen(sendbuf) + 1;

@ -202,7 +202,7 @@ ATF_TC_BODY(udp_dup, tc) {
 	ATF_CHECK(completion.done);
 	ATF_CHECK_EQ(completion.result, ISC_R_SUCCESS);

-	strcpy(sendbuf, "World");
+	snprintf(sendbuf, sizeof(sendbuf), "World");
 	r.base = (void *) sendbuf;
 	r.length = strlen(sendbuf) + 1;

--- a/lib/isc/unix/dir.c
+++ b/lib/isc/unix/dir.c
@ -66,10 +66,11 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) {
 	 * Copy directory name.  Need to have enough space for the name,
 	 * a possible path separator, the wildcard, and the final NUL.
 	 */
-	if (strlen(dirname) + 3 > sizeof(dir->dirname))
+	if (strlen(dirname) + 3 > sizeof(dir->dirname)) {
 		/* XXXDCL ? */
 		return (ISC_R_NOSPACE);
-	strcpy(dir->dirname, dirname);
+	}
+	strlcpy(dir->dirname, dirname, sizeof(dir->dirname));

 	/*
 	 * Append path separator, if needed, and "*".
@ -85,8 +86,9 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) {
 	 */
 	dir->handle = opendir(dirname);

-	if (dir->handle == NULL)
-		return isc__errno2result(errno);
+	if (dir->handle == NULL) {
+		return (isc__errno2result(errno));
+	}

 	return (result);
 }
@ -116,9 +118,9 @@ isc_dir_read(isc_dir_t *dir) {
 	 * Make sure that the space for the name is long enough.
 	 */
 	if (sizeof(dir->entry.name) <= strlen(entry->d_name))
-	    return (ISC_R_UNEXPECTED);
+		return (ISC_R_UNEXPECTED);

-	strcpy(dir->entry.name, entry->d_name);
+	strlcpy(dir->entry.name, entry->d_name, sizeof(dir->entry.name));

 	/*
 	 * Some dirents have d_namlen, but it is not portable.
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@ -224,12 +224,12 @@ isc_file_template(const char *path, const char *templet, char *buf,

 		strncpy(buf, path, s - path + 1);
 		buf[s - path + 1] = '\0';
-		strcat(buf, templet);
+		strlcat(buf, templet, buflen);
 	} else {
 		if ((strlen(templet) + 1) > buflen)
 			return (ISC_R_NOSPACE);

-		strcpy(buf, templet);
+		strlcpy(buf, templet, buflen);
 	}

 	return (ISC_R_SUCCESS);
@ -508,15 +508,17 @@ dir_current(char *dirname, size_t length) {
 	cwd = getcwd(dirname, length);

 	if (cwd == NULL) {
-		if (errno == ERANGE)
+		if (errno == ERANGE) {
 			result = ISC_R_NOSPACE;
-		else
+		} else {
 			result = isc__errno2result(errno);
+		}
 	} else {
-		if (strlen(dirname) + 1 == length)
+		if (strlen(dirname) + 1 == length) {
 			result = ISC_R_NOSPACE;
-		else if (dirname[1] != '\0')
-			strcat(dirname, "/");
+		} else if (dirname[1] != '\0') {
+			strlcat(dirname, "/", length);
+		}
 	}

 	return (result);
@ -530,7 +532,7 @@ isc_file_absolutepath(const char *filename, char *path, size_t pathlen) {
 		return (result);
 	if (strlen(path) + strlen(filename) + 1 > pathlen)
 		return (ISC_R_NOSPACE);
-	strcat(path, filename);
+	strlcat(path, filename, pathlen);
 	return (ISC_R_SUCCESS);
 }

--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@ -54,6 +54,7 @@
 #include <isc/socket.h>
 #include <isc/stats.h>
 #include <isc/strerror.h>
+#include <isc/string.h>
 #include <isc/task.h>
 #include <isc/thread.h>
 #include <isc/util.h>
@ -5158,17 +5159,19 @@ isc__socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm,

 	REQUIRE(sockaddr->type.sa.sa_family == AF_UNIX);
 	INSIST(strlen(sockaddr->type.sunix.sun_path) < sizeof(path));
-	strcpy(path, sockaddr->type.sunix.sun_path);
+	strlcpy(path, sockaddr->type.sunix.sun_path, sizeof(path));

 #ifdef NEED_SECURE_DIRECTORY
 	slash = strrchr(path, '/');
 	if (slash != NULL) {
-		if (slash != path)
+		if (slash != path) {
 			*slash = '\0';
-		else
-			strcpy(path, "/");
-	} else
-		strcpy(path, ".");
+		} else {
+			strlcpy(path, "/", sizeof(path));
+		}
+	} else {
+		strlcpy(path, ".", sizeof(path));
+	}
 #endif

 	if (chmod(path, perm) < 0) {
--- a/lib/isc/win32/dir.c
+++ b/lib/isc/win32/dir.c
@ -76,7 +76,7 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) {
 	if (strlen(dirname) + 3 > sizeof(dir->dirname))
 		/* XXXDCL ? */
 		return (ISC_R_NOSPACE);
-	strcpy(dir->dirname, dirname);
+	strlcpy(dir->dirname, dirname, sizeof(dir->dirname));

 	/*
 	 * Append path separator, if needed, and "*".
@ -130,7 +130,8 @@ isc_dir_read(isc_dir_t *dir) {
 	/*
 	 * Make sure that the space for the name is long enough.
 	 */
-	strcpy(dir->entry.name, dir->entry.find_data.cFileName);
+	strlcpy(dir->entry.name, dir->entry.find_data.cFileName,
+		sizeof(dir->entry.name));
 	dir->entry.length = strlen(dir->entry.name);

 	return (ISC_R_SUCCESS);
@ -213,7 +214,8 @@ start_directory(isc_dir_t *dir)
 	/*
 	 * Fill in the data for the first entry of the directory.
 	 */
-	strcpy(dir->entry.name, dir->entry.find_data.cFileName);
+	strlcpy(dir->entry.name, dir->entry.find_data.cFileName,
+		sizeof(dir->entry.name));
 	dir->entry.length = strlen(dir->entry.name);

 	dir->entry_filled = ISC_TRUE;
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@ -166,8 +166,8 @@ isc_file_safemovefile(const char *oldname, const char *newname) {
 	 */
 	if (stat(newname, &sbuf) == 0) {
 		exists = TRUE;
-		strcpy(buf, newname);
-		strcat(buf, ".XXXXX");
+		strlcpy(buf, newname, sizeof(buf));
+		strlcat(buf, ".XXXXX", sizeof(buf));
 		tmpfd = mkstemp(buf, ISC_TRUE);
 		if (tmpfd > 0)
 			_close(tmpfd);
@ -284,12 +284,12 @@ isc_file_template(const char *path, const char *templet, char *buf,

 		strncpy(buf, path, s - path + 1);
 		buf[s - path + 1] = '\0';
-		strcat(buf, templet);
+		strlcat(buf, templet, buflen);
 	} else {
 		if ((strlen(templet) + 1) > buflen)
 			return (ISC_R_NOSPACE);

-		strcpy(buf, templet);
+		strlcpy(buf, templet, buflen);
 	}

 	return (ISC_R_SUCCESS);
@ -532,7 +532,7 @@ isc_file_progname(const char *filename, char *progname, size_t namelen) {
 		if (namelen <= strlen(s))
 			return (ISC_R_NOSPACE);

-		strcpy(progname, s);
+		strlcpy(progname, s, namelen);
 		return (ISC_R_SUCCESS);
 	}

@ -543,7 +543,7 @@ isc_file_progname(const char *filename, char *progname, size_t namelen) {
 	if (len >= namelen)
 		return (ISC_R_NOSPACE);

-	strncpy(progname, s, len);
+	strlcpy(progname, s, len);
 	progname[len] = '\0';
 	return (ISC_R_SUCCESS);
 }
--- a/lib/isc/win32/fsaccess.c
+++ b/lib/isc/win32/fsaccess.c
@ -84,14 +84,14 @@ is_ntfs(const char * file) {

 	else if ((filename[0] == '\\') && (filename[1] == '\\')) {
 		/* Find the machine and share name and rebuild the UNC */
-		strcpy(tmpbuf, filename);
+		strlcpy(tmpbuf, filename, sizeof(tmpbuf));
 		machinename = strtok(tmpbuf, "\\");
 		sharename = strtok(NULL, "\\");
-		strcpy(drive, "\\\\");
-		strcat(drive, machinename);
-		strcat(drive, "\\");
-		strcat(drive, sharename);
-		strcat(drive, "\\");
+		strlcpy(drive, "\\\\", sizeof(drive));
+		strlcat(drive, machinename, sizeof(drive));
+		strlcat(drive, "\\", sizeof(drive));
+		strlcat(drive, sharename, sizeof(drive));
+		strlcat(drive, "\\", sizeof(drive));

 	}
 	else /* Not determinable */
--- a/lib/isccfg/parser.c
+++ b/lib/isccfg/parser.c
@ -2022,27 +2022,25 @@ token_addr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na) {
 				return (ISC_R_SUCCESS);
 			}
 		}
-		if ((flags & CFG_ADDR_V4PREFIXOK) != 0 &&
-		    strlen(s) <= 15U) {
+		if ((flags & CFG_ADDR_V4PREFIXOK) != 0 && strlen(s) <= 15U) {
 			char buf[64];
 			int i;

-			strcpy(buf, s);
+			strlcpy(buf, s, sizeof(buf));
 			for (i = 0; i < 3; i++) {
-				strcat(buf, ".0");
+				strlcat(buf, ".0", sizeof(buf));
 				if (inet_pton(AF_INET, buf, &in4a) == 1) {
 					isc_netaddr_fromin(na, &in4a);
 					return (ISC_R_SUCCESS);
 				}
 			}
 		}
-		if ((flags & CFG_ADDR_V6OK) != 0 &&
-		    strlen(s) <= 127U) {
+		if ((flags & CFG_ADDR_V6OK) != 0 && strlen(s) <= 127U) {
 			char buf[128]; /* see lib/bind9/getaddresses.c */
 			char *d; /* zone delimiter */
 			isc_uint32_t zone = 0; /* scope zone ID */

-			strcpy(buf, s);
+			strlcpy(buf, s, sizeof(buf));
 			d = strchr(buf, '%');
 			if (d != NULL)
 				*d = '\0';
@ -2622,9 +2620,10 @@ parser_complain(cfg_parser_t *pctx, isc_boolean_t is_warning,

 	len = vsnprintf(message, sizeof(message), format, args);
 #define ELIPSIS " ... "
-	if (len >= sizeof(message))
+	if (len >= sizeof(message)) {
 		strcpy(message + sizeof(message) - sizeof(ELIPSIS) - 1,
 		       ELIPSIS);
+	}

 	if ((flags & (CFG_LOG_NEAR|CFG_LOG_BEFORE|CFG_LOG_NOPREP)) != 0) {
 		isc_region_t r;