From c941966b4aba2295128ea51c6e157f1a6c6cac6b Mon Sep 17 00:00:00 2001
From: Nate Bargmann
Date: Sat, 7 Jan 2012 20:54:49 -0600
Subject: [PATCH] Assure NULL terminated strings in rpc files.

Various strncpy operations could result in a port pathname that is not a NULL terminated string as the allowed string length is the same size as the buffer per the strncpy manual page. This is corrected by assuring that the allowed length is FILPATHLEN - 1.
---
 rpcrig/rpcrigd.c | 6 +++---
 rpcrot/rpcrotd.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/rpcrig/rpcrigd.c b/rpcrig/rpcrigd.c
index 6425453f5..97239821d 100644
--- a/rpcrig/rpcrigd.c
+++ b/rpcrig/rpcrigd.c
@@ -287,7 +287,7 @@ main (int argc, char *argv[])
 }
 if (rig_file)
- strncpy(the_rpc_rig->state.rigport.pathname, rig_file, FILPATHLEN);
+ strncpy(the_rpc_rig->state.rigport.pathname, rig_file, FILPATHLEN - 1);
 /*
 * ex: RIG_PTT_PARALLEL and /dev/parport0
@@ -297,9 +297,9 @@ main (int argc, char *argv[])
 if (dcd_type != RIG_DCD_NONE)
 the_rpc_rig->state.dcdport.type.dcd = dcd_type;
 if (ptt_file)
- strncpy(the_rpc_rig->state.pttport.pathname, ptt_file, FILPATHLEN);
+ strncpy(the_rpc_rig->state.pttport.pathname, ptt_file, FILPATHLEN - 1);
 if (dcd_file)
- strncpy(the_rpc_rig->state.dcdport.pathname, dcd_file, FILPATHLEN);
+ strncpy(the_rpc_rig->state.dcdport.pathname, dcd_file, FILPATHLEN - 1);
 /* FIXME: bound checking and port type == serial */
 if (serial_rate != 0)
 the_rpc_rig->state.rigport.parm.serial.rate = serial_rate;
diff --git a/rpcrot/rpcrotd.c b/rpcrot/rpcrotd.c
index e1f7e56e3..55e18a550 100644
--- a/rpcrot/rpcrotd.c
+++ b/rpcrot/rpcrotd.c
@@ -216,7 +216,7 @@ main (int argc, char *argv[])
 }
 if (rot_file)
- strncpy(the_rpc_rot->state.rotport.pathname, rot_file, FILPATHLEN);
+ strncpy(the_rpc_rot->state.rotport.pathname, rot_file, FILPATHLEN - 1);
 /* FIXME: bound checking and port type == serial */
 if (serial_rate != 0)
 the_rpc_rot->state.rotport.parm.serial.rate = serial_rate;
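Review bot: The new bound in `strncpy(the_rpc_rig->state.rigport.pathname, rig_file, FILPATHLEN - 1);` (first hunk of rpcrig/rpcrigd.c) yields a terminated string only if the last byte of `pathname` is already zero, and nothing visible in these hunks sets it. The same holds for the `ptt_file` and `dcd_file` copies in the second hunk and the `rot_file` copy in rpcrot/rpcrotd.c. Writing the terminator explicitly removes that dependency, for example `snprintf(the_rpc_rig->state.rigport.pathname, FILPATHLEN, "%s", rig_file);`, assuming FILPATHLEN is the buffer size as the commit message states. A path of FILPATHLEN or more characters is still cut short without any error, so the daemon would go on to use a different path from the one supplied; comparing the snprintf return value with FILPATHLEN and exiting with a message would catch that. The enclosing main() starts and ends outside every hunk shown.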