Repository : ssh://git@open-mesh.org/batctl

On branch : next

commit a9e88d84a50b26dfe95c46703aed9934959c724d Author: Sven Eckelmann sven@narfation.org Date: Sat May 24 14:16:41 2014 +0200

batctl: Use strncpy instead of strcpy for string copy

The data used in strcpy is partially provided by the user. This can be larger than the destination buffer and thus overwrite data after the actual string buffer. This can easily be avoided by using strncpy.

Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Marek Lindner mareklindner@neomailbox.ch

a9e88d84a50b26dfe95c46703aed9934959c724d debugfs.c | 4 +++- ioctl.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debugfs.c b/debugfs.c index 8dd78b1..7b3a4b2 100644 --- a/debugfs.c +++ b/debugfs.c @@ -74,7 +74,9 @@ const char *debugfs_find_mountpoint(void) while (*ptr) { if (debugfs_valid_mountpoint(*ptr) == 0) { debugfs_found = 1; - strcpy(debugfs_mountpoint, *ptr); + strncpy(debugfs_mountpoint, *ptr, + sizeof(debugfs_mountpoint)); + debugfs_mountpoint[sizeof(debugfs_mountpoint) - 1] = '\0'; return debugfs_mountpoint; } ptr++; diff --git a/ioctl.c b/ioctl.c index 1f827e8..d3d182f 100644 --- a/ioctl.c +++ b/ioctl.c @@ -105,7 +105,8 @@ int ioctl_statistics_get(char *mesh_iface) int fd = -1, ret = EXIT_FAILURE;

memset(&ifr, 0, sizeof(ifr)); - strcpy(ifr.ifr_name, mesh_iface); + strncpy(ifr.ifr_name, mesh_iface, sizeof(ifr.ifr_name)); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';

fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) {