diff options
author | Jaromír Končický <jkoncick@redhat.com> | 2013-10-15 21:55:52 +0200 |
---|---|---|
committer | Bart De Schuymer <bdschuym@pandora.be> | 2013-10-15 21:55:52 +0200 |
commit | 8f586939999e039563fee6bca4685895067a2b77 (patch) | |
tree | fd857300b1354616914a8d78cd8b3d4ab7b3428e /libarptc | |
parent | ee4ec133bc5616f3d2b9efd468dfc1d42ca1c17d (diff) |
fix potential buffer overflows reported by static analysis
Diffstat (limited to 'libarptc')
-rw-r--r-- | libarptc/libarptc_incl.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c index 2fa3d43..9c1aeac 100644 --- a/libarptc/libarptc_incl.c +++ b/libarptc/libarptc_incl.c @@ -209,8 +209,10 @@ alloc_handle(const char *tablename, unsigned int size, unsigned int num_rules) h->counter_map = (void *)h + sizeof(STRUCT_TC_HANDLE) + size; - strcpy(h->info.name, tablename); - strcpy(h->entries.name, tablename); + strncpy(h->info.name, tablename, sizeof(h->info.name)); + h->info.name[sizeof(h->info.name)-1] = '\0'; + strncpy(h->entries.name, tablename, sizeof(h->entries.name)); + h->entries.name[sizeof(h->entries.name)-1] = '\0'; return h; } @@ -357,8 +359,9 @@ add_chain(STRUCT_ENTRY *e, TC_HANDLE_T h, STRUCT_ENTRY **prev) h->cache_chain_heads[h->cache_num_chains-1].end = *prev; - strcpy(h->cache_chain_heads[h->cache_num_chains].name, - (const char *)GET_TARGET(e)->data); + strncpy(h->cache_chain_heads[h->cache_num_chains].name, + (const char *)GET_TARGET(e)->data, TABLE_MAXNAMELEN-1); + h->cache_chain_heads[h->cache_num_chains].name[TABLE_MAXNAMELEN-1] = '\0'; h->cache_chain_heads[h->cache_num_chains].start = (void *)e + e->next_offset; h->cache_num_chains++; @@ -368,8 +371,9 @@ add_chain(STRUCT_ENTRY *e, TC_HANDLE_T h, STRUCT_ENTRY **prev) h->cache_chain_heads[h->cache_num_chains-1].end = *prev; - strcpy(h->cache_chain_heads[h->cache_num_chains].name, - h->hooknames[builtin-1]); + strncpy(h->cache_chain_heads[h->cache_num_chains].name, + h->hooknames[builtin-1], TABLE_MAXNAMELEN-1); + h->cache_chain_heads[h->cache_num_chains].name[TABLE_MAXNAMELEN-1] = '\0'; h->cache_chain_heads[h->cache_num_chains].start = (void *)e; h->cache_num_chains++; |