kekePower/rdesktop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use STRNCPY() macro in smart card code

Browse Source 
The previous code did not do a proper bounds check and could result
in buffer overflows and unterminated strings if long names were
specified.
This commit is contained in:
Pierre Ossman 2019-04-10 11:14:12 +02:00
parent 48b184477e
commit 092fc20921
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
scard.c
View File

@ -237,10 +237,8 @@ scard_enum_devices(uint32 * id, char *optarg)
tmpMap = nameMapList + nameMapCount - 1;
len = strlen(alias);
strncpy(tmpMap->alias, alias, (len > 127) ? (127) : (len));
len = strlen(name);
strncpy(tmpMap->name, name, (len > 127) ? (127) : (len));
STRNCPY(tmpMap->alias, alias, sizeof(tmpMap->alias));
STRNCPY(tmpMap->name, name, sizeof(tmpMap->name));
if (vendor)
{
@ -248,8 +246,8 @@ scard_enum_devices(uint32 * id, char *optarg)
if (len > 0)
{
memset(tmpMap->vendor, 0, 128);
strncpy(tmpMap->vendor, vendor,
(len > 127) ? (127) : (len));
STRNCPY(tmpMap->vendor, vendor,
sizeof(tmpMap->vendor));
}
else
tmpMap->vendor[0] = '\0';