j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Fix unsafe use of strncpy() and sprintf().

Browse source 
The strncpy() problem was found by cppcheck.
This commit is contained in:
Guus Sliepen 2014-07-12 14:35:29 +02:00
parent 31361075d3
commit 5ffdff685a
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/subnet_parse.c
View file

@ -186,6 +186,7 @@ int subnet_compare(const subnet_t *a, const subnet_t *b) {
bool str2net(subnet_t *subnet, const char *subnetstr) {
char str[1024];
strncpy(str, subnetstr, sizeof(str));
str[sizeof str - 1] = 0;
int consumed;
int weight = DEFAULT_WEIGHT;
@ -255,7 +256,7 @@ bool str2net(subnet_t *subnet, const char *subnetstr) {
for (int i = 0; i < 4; i++)
if (x[i] > 255)
return false;
sprintf(last_colon, ":%02x%02x:%02x%02x", x[0], x[1], x[2], x[3]);
snprintf(last_colon, sizeof str - (last_colon - str), ":%02x%02x:%02x%02x", x[0], x[1], x[2], x[3]);
}
char* double_colon = strstr(str, "::");