[gssdp] gssdp-client: Use strncpy() instead of strcpy()

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [gssdp] gssdp-client: Use strncpy() instead of strcpy()
Date: Tue, 20 May 2014 09:45:40 +0000 (UTC)

commit 4c07f41c343ccbf5001de2ca6b7cbc004f03c6da
Author: Philip Withnall <philip withnall collabora co uk>
Date:   Mon May 19 10:12:53 2014 +0100

    gssdp-client: Use strncpy() instead of strcpy()
    
    Limit the length of the string copied so a malicious interface name
    cannot overwrite parts of the stack.
    
    Coverity issue: #60337
    
    https://bugzilla.gnome.org/show_bug.cgi?id=730358

 libgssdp/gssdp-client.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/libgssdp/gssdp-client.c b/libgssdp/gssdp-client.c
index 587e912..144ebaf 100644
--- a/libgssdp/gssdp-client.c
+++ b/libgssdp/gssdp-client.c
@@ -1261,7 +1261,7 @@ query_ifindex (const char *iface_name)
                 return -1;
 
         memset (&ifr, 0, sizeof(struct ifreq));
-        strcpy (ifr.ifr_ifrn.ifrn_name, iface_name);
+        strncpy (ifr.ifr_ifrn.ifrn_name, iface_name, IFNAMSIZ);
 
         result = ioctl (fd, SIOCGIFINDEX, (char *)&ifr);
         close (fd);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]