Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

util: add bounds check to util_get_{domain,username} 

Replace uses of strcpy by the safer l_strlcpy.  Note that both of these
functions can only be called with a buffer of max 253 bytes (the
identity string), so this is purely a precautionary measure.
This commit is contained in:
James Prestwood 2019-10-17 09:12:12 -07:00 committed by Denis Kenzior
parent 65f279dc1e
commit 34560120f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/util.c
View File

@ -176,7 +176,7 @@ const char *util_get_domain(const char *identity)
memcpy(domain, identity, c - identity); memcpy(domain, identity, c - identity);
return domain; return domain;
case '@': case '@':
strcpy(domain, c + 1); l_strlcpy(domain, c + 1, sizeof(domain));
return domain; return domain;
default: default:
continue; continue;
@ -197,7 +197,7 @@ const char *util_get_username(const char *identity)
for (c = identity; *c; c++) { for (c = identity; *c; c++) {
switch (*c) { switch (*c) {
case '\\': case '\\':
strcpy(username, c + 1); l_strlcpy(username, c + 1, sizeof(username));
return username; return username;
case '@': case '@':
memcpy(username, identity, c - identity); memcpy(username, identity, c - identity);