From 45b388fdc7469e32346885efaa748877a2ca4e7a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 9 Oct 2024 15:56:28 +0200
Subject: [PATCH] tests/server/util.c: remove use of strncpy

... and ban the function in code in this directory.

Closes #15213
---
 REUSE.toml               |   1 +
 tests/server/.checksrc   |   1 +
 tests/server/Makefile.am |   2 +-
 tests/server/util.c      | 112 +++++++++++++++++++++------------------
 4 files changed, 62 insertions(+), 54 deletions(-)
 create mode 100644 tests/server/.checksrc

diff --git a/REUSE.toml b/REUSE.toml
index 431cbb5999..e242452d8f 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -49,6 +49,7 @@ path = [
   "lib/vtls/.checksrc",
   "src/.checksrc",
   "tests/libtest/.checksrc",
+  "tests/server/.checksrc",
 ]
 SPDX-FileCopyrightText = "Daniel Stenberg, <daniel@haxx.se>, et al."
 SPDX-License-Identifier = "curl"
diff --git a/tests/server/.checksrc b/tests/server/.checksrc
new file mode 100644
index 0000000000..8f67fd2a3e
--- /dev/null
+++ b/tests/server/.checksrc
@@ -0,0 +1 @@
+enable STRNCPY
diff --git a/tests/server/Makefile.am b/tests/server/Makefile.am
index b2e22cf6b7..1a844f121b 100644
--- a/tests/server/Makefile.am
+++ b/tests/server/Makefile.am
@@ -50,7 +50,7 @@ AM_CPPFLAGS += -DCURL_NO_GETADDRINFO_OVERRIDE
 # Makefile.inc provides neat definitions
 include Makefile.inc
 
-EXTRA_DIST = base64.pl CMakeLists.txt
+EXTRA_DIST = base64.pl CMakeLists.txt .checksrc
 
 CHECKSRC = $(CS_$(V))
 CS_0 = @echo "  RUN     " $@;
diff --git a/tests/server/util.c b/tests/server/util.c
index 96f44fe0be..a36dc0055d 100644
--- a/tests/server/util.c
+++ b/tests/server/util.c
@@ -834,60 +834,66 @@ void restore_signal_handlers(bool keep_sigalrm)
 #ifdef USE_UNIX_SOCKETS
 
 int bind_unix_socket(curl_socket_t sock, const char *unix_socket,
-        struct sockaddr_un *sau) {
-    int error;
-    int rc;
+                     struct sockaddr_un *sau)
+{
+  int error;
+  int rc;
+  size_t len = strlen(unix_socket);
 
-    memset(sau, 0, sizeof(struct sockaddr_un));
-    sau->sun_family = AF_UNIX;
-    strncpy(sau->sun_path, unix_socket, sizeof(sau->sun_path) - 1);
-    rc = bind(sock, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
-    if(0 != rc && SOCKERRNO == EADDRINUSE) {
-      struct_stat statbuf;
-      /* socket already exists. Perhaps it is stale? */
-      curl_socket_t unixfd = socket(AF_UNIX, SOCK_STREAM, 0);
-      if(CURL_SOCKET_BAD == unixfd) {
-        logmsg("Failed to create socket at %s: (%d) %s",
-               unix_socket, SOCKERRNO, sstrerror(SOCKERRNO));
-        return -1;
-      }
-      /* check whether the server is alive */
-      rc = connect(unixfd, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
-      error = SOCKERRNO;
-      sclose(unixfd);
-      if(0 != rc && ECONNREFUSED != error) {
-        logmsg("Failed to connect to %s: (%d) %s",
-               unix_socket, error, sstrerror(error));
-        return rc;
-      }
-      /* socket server is not alive, now check if it was actually a socket. */
-#ifdef _WIN32
-      /* Windows does not have lstat function. */
-      rc = curlx_win32_stat(unix_socket, &statbuf);
-#else
-      rc = lstat(unix_socket, &statbuf);
-#endif
-      if(0 != rc) {
-        logmsg("Error binding socket, failed to stat %s: (%d) %s",
-               unix_socket, errno, strerror(errno));
-        return rc;
-      }
-#ifdef S_IFSOCK
-      if((statbuf.st_mode & S_IFSOCK) != S_IFSOCK) {
-        logmsg("Error binding socket, failed to stat %s", unix_socket);
-        return -1;
-      }
-#endif
-      /* dead socket, cleanup and retry bind */
-      rc = unlink(unix_socket);
-      if(0 != rc) {
-        logmsg("Error binding socket, failed to unlink %s: (%d) %s",
-               unix_socket, errno, strerror(errno));
-        return rc;
-      }
-      /* stale socket is gone, retry bind */
-      rc = bind(sock, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
+  memset(sau, 0, sizeof(struct sockaddr_un));
+  sau->sun_family = AF_UNIX;
+  if(len >= sizeof(sau->sun_path) - 1) {
+    logmsg("Too long unix socket domain path (%zd)", len);
+    return -1;
+  }
+  strcpy(sau->sun_path, unix_socket);
+  rc = bind(sock, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
+  if(0 != rc && SOCKERRNO == EADDRINUSE) {
+    struct_stat statbuf;
+    /* socket already exists. Perhaps it is stale? */
+    curl_socket_t unixfd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if(CURL_SOCKET_BAD == unixfd) {
+      logmsg("Failed to create socket at %s: (%d) %s",
+             unix_socket, SOCKERRNO, sstrerror(SOCKERRNO));
+      return -1;
     }
-    return rc;
+    /* check whether the server is alive */
+    rc = connect(unixfd, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
+    error = SOCKERRNO;
+    sclose(unixfd);
+    if(0 != rc && ECONNREFUSED != error) {
+      logmsg("Failed to connect to %s: (%d) %s",
+             unix_socket, error, sstrerror(error));
+      return rc;
+    }
+    /* socket server is not alive, now check if it was actually a socket. */
+#ifdef _WIN32
+    /* Windows does not have lstat function. */
+    rc = curlx_win32_stat(unix_socket, &statbuf);
+#else
+    rc = lstat(unix_socket, &statbuf);
+#endif
+    if(0 != rc) {
+      logmsg("Error binding socket, failed to stat %s: (%d) %s",
+             unix_socket, errno, strerror(errno));
+      return rc;
+    }
+#ifdef S_IFSOCK
+    if((statbuf.st_mode & S_IFSOCK) != S_IFSOCK) {
+      logmsg("Error binding socket, failed to stat %s", unix_socket);
+      return -1;
+    }
+#endif
+    /* dead socket, cleanup and retry bind */
+    rc = unlink(unix_socket);
+    if(0 != rc) {
+      logmsg("Error binding socket, failed to unlink %s: (%d) %s",
+             unix_socket, errno, strerror(errno));
+      return rc;
+    }
+    /* stale socket is gone, retry bind */
+    rc = bind(sock, (struct sockaddr*)sau, sizeof(struct sockaddr_un));
+  }
+  return rc;
 }
 #endif