Not-safe function strcpy, possible buffer overflow #901

issue mad opened this issue on February 26, 2012
  1. mad commented at 11:24 AM on February 26, 2012: none

    There [1][2] we use strcpy, first arg may contain MAX_PATH+100 (355) chars, but second arg may contain 32,767 chars [3]

    [1] https://github.com/bitcoin/bitcoin/blob/master/src/util.cpp#L820 [2] https://github.com/bitcoin/bitcoin/blob/master/src/util.cpp#L825 [3] http://msdn.microsoft.com/en-us/library/windows/desktop/ms682653(v=vs.85).aspx

  2. sipa commented at 3:10 PM on February 26, 2012: member

    So we just need an strlen check before copying, as no meaningful value in APPDATA is longer than MAX_PATH?

  3. laanwj commented at 3:17 PM on February 26, 2012: member

    Maybe we should strive to use safe C++ string functions everywhere, instead of archaic strcpy/strcat buffer manipulation.

    Edit: especially in this case, as the function returns a std::string already.

    Edit2: the rest of the function could be simplified too, to simply call SHGetSpecialFolderPathA, as we require _WINNT 0x0501 (Windows XP) and the function was introduced in 5.0 (Windows 2000).

  4. laanwj referenced this in commit 6ac8cb3d41 on Feb 26, 2012
  5. laanwj referenced this in commit 21ae37d215 on Feb 26, 2012
  6. sipa closed this on Feb 27, 2012
  7. sipa reopened this on Feb 27, 2012
  8. sipa commented at 5:21 PM on February 28, 2012: member

    Fixed in #902.

  9. sipa closed this on Feb 28, 2012
  10. coblee referenced this in commit eb195f10cc on Jul 17, 2012
  11. suprnurd referenced this in commit 3c29252469 on Dec 5, 2017
  12. ptschip referenced this in commit e26254504b on Jan 11, 2018
  13. ptschip referenced this in commit b853490d13 on Jan 19, 2018
  14. lateminer referenced this in commit be3aab4a00 on Oct 30, 2019
  15. sipa referenced this in commit 77ccaf5cb9 on Apr 2, 2021
  16. sipa referenced this in commit cb8f70f488 on Apr 2, 2021
  17. sipa referenced this in commit a110aca93f on Apr 2, 2021
  18. sipa referenced this in commit bdca9bcb6c on Apr 23, 2021
  19. rebroad referenced this in commit 6e13b4e771 on Jun 23, 2021
  20. MarcoFalke locked this on Sep 8, 2021
Contributors
madsipalaanwj
Linked (view graph)
#902 Simplify MyGetSpecialFolderPath and fix possible buffer overflow (#901)#8238 [WIP][depends] ZeroMQ 4.1.5 && ZMQ on Windows
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me