strncpy() fix in wrt-launcher against buffer overflow.
authorTae-Jeong Lee <taejeong.lee@samsung.com>
Wed, 30 Oct 2013 03:04:49 +0000 (12:04 +0900)
committerGerrit Code Review <gerrit@gerrit.vlan144.tizendev.org>
Wed, 30 Oct 2013 04:21:16 +0000 (04:21 +0000)
[Issue#]   N/A
[Problem]  Risk of buffer overflow.
[Cause]    strncpy() was called with the source length instead of the destination buffer size.
[Solution] Fixed the strncpy() calls to use the proper buffer size.

Change-Id: Ia543e0e181cb6ddb30c7df371caed366aa190e15

src/wrt-launcher/wrt-launcher.cpp

index 1079035..33297e5 100644 (file)
@@ -40,6 +40,7 @@
 #define WEBAPP_DEFAULT_GID  5000
 #define LOGGING_DEFAULT_GID 6509
 #define RETURN_ERROR -1
+#define BUF_SIZE 1024
 
 static const char *program;
 
@@ -238,8 +239,8 @@ int main(int argc, char* argv[])
     {
         int next_opt, opt_idx = 0;
         int timeout = TIMEOUT_DEFAULT;
-        char applicationId[256] = "";
-        char temp_arg[256] = "";
+        char applicationId[BUF_SIZE] = "";
+        char temp_arg[BUF_SIZE] = "";
         char pid[6] = "";
         char op = '\0';
         bool isDebugMode = false;
@@ -309,7 +310,8 @@ int main(int argc, char* argv[])
             case 's':
             case 'k':
             case 'r':
-                strncpy(temp_arg, optarg, strlen(optarg));
+                strncpy(temp_arg, optarg, BUF_SIZE);
+                temp_arg[BUF_SIZE-1] = '\0';
                 op = next_opt;
                 break;
 
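Review bot: An over-long option argument is now silently truncated to BUF_SIZE-1 bytes at `strncpy(temp_arg, optarg, BUF_SIZE);` instead of being rejected, and the same applies to the `applicationId` copy in the last hunk. The later use of these buffers is outside the hunks, but if they identify the application to act on, a truncated value could name something other than what the caller passed. Rejecting is safer than truncating: add `if (strlen(optarg) >= sizeof(temp_arg)) return RETURN_ERROR;` before the copy, and in the last hunk test `temp.size() >= sizeof(applicationId)` and route it into the existing "failed" branch. Using `sizeof(temp_arg)` and `sizeof(applicationId)` as the bound rather than `BUF_SIZE` also keeps each copy tied to its own array if a declaration changes again. The enclosing `switch` and `main` begin and end outside these hunks.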
@@ -362,7 +364,8 @@ int main(int argc, char* argv[])
                 }
             }
             if (!temp.empty()) {
-                strncpy(applicationId, temp.c_str(), strlen(temp.c_str()));
+                strncpy(applicationId, temp.c_str(), BUF_SIZE);
+                applicationId[BUF_SIZE-1] = '\0';
             } else {
                 printf("result: %s\n", "failed");
                 return -1;