tests: replace strcpy() with curlx_strcopy()

Also: - examples/hsts-preload: apply the same change as it's based on lib1915 in tests. Make a local clone of `curlx_strcopy()`. Then drop the `_CRT_SECURE_NO_WARNINGS` hack, that's no longer necessary. - curl_setup.h: delete `strcpy()` from the `_CRT_SECURE_NO_WARNINGS` list. Closes #20076
2026-01-18 17:21:26 +01:00 · 2025-12-23 11:59:59 +01:00
parent 66aec526fc
commit 436e67f65b
9 changed files with 43 additions and 30 deletions
--- a/docs/examples/hsts-preload.c
+++ b/docs/examples/hsts-preload.c
@@ -25,12 +25,6 @@
 * Preload domains to HSTS
 * </DESC>
 */
-#ifdef _MSC_VER
-#ifndef _CRT_SECURE_NO_WARNINGS
-#define _CRT_SECURE_NO_WARNINGS  /* for strcpy() */
-#endif
-#endif
-
 #include <stdio.h>
 #include <string.h>

@@ -51,6 +45,16 @@ struct state {
  int index;
 };

+static void strcopy(char *dest, size_t dsize, const char *src, size_t slen)
+{
+  if(slen < dsize) {
+    memcpy(dest, src, slen);
+    dest[slen] = 0;
+  }
+  else if(dsize)
+    dest[0] = 0;
+}
+
 /* "read" is from the point of the library, it wants data from us. One domain
   entry per invoke. */
 static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp)
@@ -62,10 +66,10 @@ static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp)
  host = preload_hosts[s->index].name;
  expire = preload_hosts[s->index++].exp;

-  if(host && (strlen(host) < e->namelen)) {
-    strcpy(e->name, host);
+  if(host) {
+    strcopy(e->name, e->namelen, host, strlen(host));
    e->includeSubDomains = 0;
-    strcpy(e->expire, expire);
+    strcopy(e->expire, sizeof(e->expire), expire, strlen(expire));
    fprintf(stderr, "HSTS preload '%s' until '%s'\n", host, expire);
  }
  else
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -94,7 +94,7 @@
 #define _CRT_NONSTDC_NO_DEPRECATE  /* for close(), fileno(), unlink(), etc. */
 #endif
 #ifndef _CRT_SECURE_NO_WARNINGS
-#define _CRT_SECURE_NO_WARNINGS  /* for getenv(), strcpy(), tests: sscanf() */
+#define _CRT_SECURE_NO_WARNINGS  /* for getenv(), tests: sscanf() */
 #endif
 #endif /* _MSC_VER */

--- a/tests/libtest/lib1901.c
+++ b/tests/libtest/lib1901.c
@@ -33,12 +33,11 @@ static size_t t1901_read_cb(char *ptr, size_t size, size_t nmemb, void *stream)
    NULL
  };
  static int ix = 0;
-  (void)size;
  (void)nmemb;
  (void)stream;
  if(chunks[ix]) {
    size_t len = strlen(chunks[ix]);
-    strcpy(ptr, chunks[ix]);
+    curlx_strcopy(ptr, size * nmemb, chunks[ix], len);
    ix++;
    return len;
  }
--- a/tests/libtest/lib1915.c
+++ b/tests/libtest/lib1915.c
@@ -58,10 +58,10 @@ static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp)
  host = preload_hosts[s->index].name;
  expire = preload_hosts[s->index++].exp;

-  if(host && (strlen(host) < e->namelen)) {
-    strcpy(e->name, host);
+  if(host) {
+    curlx_strcopy(e->name, e->namelen, host, strlen(host));
    e->includeSubDomains = FALSE;
-    strcpy(e->expire, expire);
+    curlx_strcopy(e->expire, sizeof(e->expire), expire, strlen(expire));
    curl_mfprintf(stderr, "add '%s'\n", host);
  }
  else
--- a/tests/libtest/lib544.c
+++ b/tests/libtest/lib544.c
@@ -63,7 +63,7 @@ static CURLcode test_lib544(const char *URL)
  test_setopt(curl, CURLOPT_HEADER, 1L); /* include header */

  /* Update the original data to detect non-copy. */
-  strcpy(teststring, "FAIL");
+  curlx_strcopy(teststring, sizeof(teststring), "FAIL", strlen("FAIL"));

  {
    CURL *curl2;
--- a/tests/server/getpart.c
+++ b/tests/server/getpart.c
@@ -391,19 +391,19 @@ int getpart(char **outbuf, size_t *outlen,

      if(STATE_OUTSIDE == state) {
        /* outermost element (<testcase>) */
-        strcpy(curouter, ptag);
+        curlx_strcopy(curouter, sizeof(curouter), ptag, strlen(ptag));
        state = STATE_OUTER;
        continue;
      }
      else if(STATE_OUTER == state) {
        /* start of a main section */
-        strcpy(curmain, ptag);
+        curlx_strcopy(curmain, sizeof(curmain), ptag, strlen(ptag));
        state = STATE_INMAIN;
        continue;
      }
      else if(STATE_INMAIN == state) {
        /* start of a sub section */
-        strcpy(cursub, ptag);
+        curlx_strcopy(cursub, sizeof(cursub), ptag, strlen(ptag));
        state = STATE_INSUB;
        if(!strcmp(curmain, main) && !strcmp(cursub, sub)) {
          /* start of wanted part */
--- a/tests/server/socksd.c
+++ b/tests/server/socksd.c
@@ -101,9 +101,12 @@ static void socksd_resetdefaults(void)
  s_config.reqcmd = CONFIG_REQCMD;
  s_config.connectrep = CONFIG_CONNECTREP;
  s_config.port = CONFIG_PORT;
-  strcpy(s_config.addr, CONFIG_ADDR);
-  strcpy(s_config.user, "user");
-  strcpy(s_config.password, "password");
+  curlx_strcopy(s_config.addr, sizeof(s_config.addr),
+                CONFIG_ADDR, strlen(CONFIG_ADDR));
+  curlx_strcopy(s_config.user, sizeof(s_config.user),
+                "user", strlen("user"));
+  curlx_strcopy(s_config.password, sizeof(s_config.password),
+                "password", strlen("password"));
 }

 static void socksd_getconfig(void)
@@ -141,7 +144,8 @@ static void socksd_getconfig(void)
          }
        }
        else if(!strcmp(key, "backend")) {
-          strcpy(s_config.addr, value);
+          curlx_strcopy(s_config.addr, sizeof(s_config.addr),
+                        value, strlen(value));
          logmsg("backend [%s] set", s_config.addr);
        }
        else if(!strcmp(key, "backendport")) {
@@ -152,11 +156,13 @@ static void socksd_getconfig(void)
          }
        }
        else if(!strcmp(key, "user")) {
-          strcpy(s_config.user, value);
+          curlx_strcopy(s_config.user, sizeof(s_config.user),
+                        value, strlen(value));
          logmsg("user [%s] set", s_config.user);
        }
        else if(!strcmp(key, "password")) {
-          strcpy(s_config.password, value);
+          curlx_strcopy(s_config.password, sizeof(s_config.password),
+                        value, strlen(value));
          logmsg("password [%s] set", s_config.password);
        }
        /* Methods:
--- a/tests/server/util.c
+++ b/tests/server/util.c
@@ -694,7 +694,7 @@ int bind_unix_socket(curl_socket_t sock, const char *unix_socket,
    logmsg("Too long unix socket domain path (%zd)", len);
    return -1;
  }
-  strcpy(sau->sun_path, unix_socket);
+  curlx_strcopy(sau->sun_path, sizeof(sau->sun_path), unix_socket, len);
  rc = bind(sock, (struct sockaddr *)sau, sizeof(struct sockaddr_un));
  if(rc && SOCKERRNO == SOCKEADDRINUSE) {
    struct_stat statbuf;
--- a/tests/unit/unit3205.c
+++ b/tests/unit/unit3205.c
@@ -560,10 +560,14 @@ static CURLcode test_unit3205(const char *arg)

    /* suites matched by EDH alias will return the DHE name */
    if(test->id >= 0x0011 && test->id < 0x0017) {
-      if(expect && memcmp(expect, "EDH-", 4) == 0)
-        expect = (char *)memcpy(strcpy(alt, expect), "DHE-", 4);
-      if(expect && memcmp(expect + 4, "EDH-", 4) == 0)
-        expect = (char *)memcpy(strcpy(alt, expect) + 4, "DHE-", 4) - 4;
+      if(expect && memcmp(expect, "EDH-", 4) == 0) {
+        curlx_strcopy(alt, sizeof(alt), expect, strlen(expect));
+        expect = (char *)memcpy(alt, "DHE-", 4);
+      }
+      if(expect && memcmp(expect + 4, "EDH-", 4) == 0) {
+        curlx_strcopy(alt, sizeof(alt), expect, strlen(expect));
+        expect = (char *)memcpy(alt + 4, "DHE-", 4) - 4;
+      }
    }

    if(expect && strcmp(buf, expect) != 0) {