From ce06fb6069065c3d68475356c0728a5fa0a4ab74 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 20 Mar 2019 08:19:18 +0100
Subject: conntrackd: use strncpy() to unix path

Make sure we don't go over the buffer boundary.

Reported-by: Rijnard van Tonder <rvt@cmu.edu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/read_config_yy.y | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 6de8c6c..1d510ed 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -25,6 +25,7 @@
 #include <netdb.h>
 #include <errno.h>
 #include <stdarg.h>
+#include <limits.h>
 #include "conntrackd.h"
 #include "bitops.h"
 #include "cidr.h"
@@ -650,7 +651,7 @@ unix_options:
 
 unix_option : T_PATH T_PATH_VAL
 {
-	strcpy(conf.local.path, $2);
+	strncpy(conf.local.path, $2, PATH_MAX);
 };
 
 unix_option : T_BACKLOG T_NUMBER
-- 
cgit v1.2.3