diff options
author | Christophe Fergeau <cfergeau@redhat.com> | 2012-11-23 12:59:39 +0100 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2012-12-12 18:15:47 +0100 |
commit | 0b1d268011dc0b1518b61cb21073f21cdc53628f (patch) | |
tree | bfa88245b94d09c87ad4df09a938f6900ac2523e /server | |
parent | 5c91735b2c81a47cf88c84256f4d36a888923549 (diff) | |
download | spice-0b1d268011dc0b1518b61cb21073f21cdc53628f.tar.gz spice-0b1d268011dc0b1518b61cb21073f21cdc53628f.tar.xz spice-0b1d268011dc0b1518b61cb21073f21cdc53628f.zip |
Make sure strncpy'ed string are 0-terminated
spice_server_set_ticket and spice_server_set_addr get (library)
user-provided strings as arguments, and copy them to fixed-size
buffers using strncpy. However, if these strings are too long,
the copied string will not be 0-terminated, which will cause issues
later. This commit copies one byte less than the size of the
destination buffer. In both cases, this buffer is a static global
variable, so its memory will be set to 0.
Diffstat (limited to 'server')
-rw-r--r-- | server/reds.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/server/reds.c b/server/reds.c index a896cf2a..7f729ca5 100644 --- a/server/reds.c +++ b/server/reds.c @@ -3981,7 +3981,7 @@ SPICE_GNUC_VISIBLE int spice_server_set_port(SpiceServer *s, int port) SPICE_GNUC_VISIBLE void spice_server_set_addr(SpiceServer *s, const char *addr, int flags) { spice_assert(reds == s); - strncpy(spice_addr, addr, sizeof(spice_addr)); + strncpy(spice_addr, addr, sizeof(spice_addr)-1); if (flags & SPICE_ADDR_FLAG_IPV4_ONLY) { spice_family = PF_INET; } @@ -4072,7 +4072,7 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s, taTicket.expiration_time = now + lifetime; } if (passwd != NULL) { - strncpy(taTicket.password, passwd, sizeof(taTicket.password)); + strncpy(taTicket.password, passwd, sizeof(taTicket.password)-1); } else { memset(taTicket.password, 0, sizeof(taTicket.password)); taTicket.expiration_time = 0; |