From 34560120f9ddca5a13d761d90e5b01e232bf7fb4 Mon Sep 17 00:00:00 2001
From: James Prestwood <prestwoj@gmail.com>
Date: Thu, 17 Oct 2019 09:12:12 -0700
Subject: [PATCH] util: add bounds check to util_get_{domain,username}

Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
---
 src/util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util.c b/src/util.c
index cce2a90b..a38dd380 100644
--- a/src/util.c
+++ b/src/util.c
@@ -176,7 +176,7 @@ const char *util_get_domain(const char *identity)
 			memcpy(domain, identity, c - identity);
 			return domain;
 		case '@':
-			strcpy(domain, c + 1);
+			l_strlcpy(domain, c + 1, sizeof(domain));
 			return domain;
 		default:
 			continue;
@@ -197,7 +197,7 @@ const char *util_get_username(const char *identity)
 	for (c = identity; *c; c++) {
 		switch (*c) {
 		case '\\':
-			strcpy(username, c + 1);
+			l_strlcpy(username, c + 1, sizeof(username));
 			return username;
 		case '@':
 			memcpy(username, identity, c - identity);