lib: replace _tcsncpy/wcsncpy/wcscpy with _s counterparts (Windows)

Replace: - curl_sspi: macro `_tcsncpy()` with `_tcsncpy_s()`. - curlx/fopen: `wcsncpy()` with `wcsncpy_s()`. - curlx/fopen: `wcscpy()` with `wcscpy_s()`. Use of the pre-existing functions were safe. This patch aims to use the recommended Windows CRT functions. Handle errors returned by them. Also to avoid the compiler warnings silenced via `_CRT_SECURE_NO_WARNINGS`: ``` lib/curl_sspi.c(152): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(161): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(162): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(174): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. lib/curlx/fopen.c(175): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. ``` Refs: https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-strncpy-l-wcsncpy-wcsncpy-l-mbsncpy-mbsncpy-l https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l https://learn.microsoft.com/cpp/c-runtime-library/security-features-in-the-crt Cherry-picked from #19581 (in part) Closes #19589
2026-04-11 12:01:42 +08:00 · 2025-11-17 23:49:15 +01:00 · 2025-11-17 23:49:15 +01:00 · eaa7651374
commit eaa7651374
parent 3561f2c7bf
3 changed files with 22 additions and 7 deletions
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@ -98,7 +98,7 @@
 #define _CRT_SECURE_NO_WARNINGS  /* for __sys_errlist, __sys_nerr, _open(),
                                    _wfopen(), _wopen(), fopen(), freopen(),
                                    getenv(), gmtime(), mbstowcs(), sprintf(),
-                                    strcpy(), wcscpy(), wcsncpy(), wcstombs(),
+                                    strcpy(), wcstombs(),
                                    in tests: localtime(), open(), sscanf() */
 #endif
 #endif /* _MSC_VER */
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@ -149,8 +149,11 @@ CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
    curlx_unicodefree(useranddomain.tchar_ptr);
    return CURLE_OUT_OF_MEMORY;
  }
-  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
-  *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+  if(_tcsncpy_s(dup_domain.tchar_ptr, domlen + 1, domain.tchar_ptr, domlen)) {
+    curlx_unicodefree(dup_domain.tchar_ptr);
+    curlx_unicodefree(useranddomain.tchar_ptr);
+    return CURLE_OUT_OF_MEMORY;
+  }
  identity->Domain = dup_domain.tbyte_ptr;
  identity->DomainLength = curlx_uztoul(domlen);
  dup_domain.tchar_ptr = NULL;
--- a/lib/curlx/fopen.c
+++ b/lib/curlx/fopen.c
@ -158,8 +158,14 @@ static bool fix_excessive_path(const TCHAR *in, TCHAR **out)
      if(!temp)
        goto cleanup;

-      wcsncpy(temp, L"\\\\?\\UNC\\", 8);
-      wcscpy(temp + 8, fbuf + 2);
+      if(wcsncpy_s(temp, needed, L"\\\\?\\UNC\\", 8)) {
+        (free)(temp);
+        goto cleanup;
+      }
+      if(wcscpy_s(temp + 8, needed, fbuf + 2)) {
+        (free)(temp);
+        goto cleanup;
+      }
    }
    else {
      /* "\\?\" + full path + null */
@ -171,8 +177,14 @@ static bool fix_excessive_path(const TCHAR *in, TCHAR **out)
      if(!temp)
        goto cleanup;

-      wcsncpy(temp, L"\\\\?\\", 4);
-      wcscpy(temp + 4, fbuf);
+      if(wcsncpy_s(temp, needed, L"\\\\?\\", 4)) {
+        (free)(temp);
+        goto cleanup;
+      }
+      if(wcscpy_s(temp + 4, needed, fbuf)) {
+        (free)(temp);
+        goto cleanup;
+      }
    }

    (free)(fbuf);