Use strncpy() always copying labels.

Defence in depth and a good practice. Places an absolute limit
to the length copied.
(cherry picked from commit 0eee8f8b3efd153c5ef09c08244e189f0cda51a4)

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index c1bc40e..83988f1 100644 (file)
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -179,8 +179,8 @@ int smack_accesses_add(struct smack_accesses *handle, const char *subject,
        if (rule == NULL)
                return -1;
 
-       strcpy(rule->subject, subject);
-       strcpy(rule->object, object);
+       strncpy(rule->subject, subject, SMACK_LABEL_LEN);
+       strncpy(rule->object, object, SMACK_LABEL_LEN);
        parse_access_type(access_type, rule->access_type);
 
        if (handle->first == NULL) {
@@ -209,8 +209,8 @@ int smack_accesses_add_modify(struct smack_accesses *handle,
        if (rule == NULL)
                return -1;
 
-       strcpy(rule->subject, subject);
-       strcpy(rule->object, object);
+       strncpy(rule->subject, subject, SMACK_LABEL_LEN);
+       strncpy(rule->object, object, SMACK_LABEL_LEN);
        parse_access_type(allow_access_type, rule->allow_access_type);
        parse_access_type(deny_access_type, rule->deny_access_type);
        rule->is_modify = 1;
@@ -433,7 +433,7 @@ int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd)
                if (smack_label_length(label) < 0 || level == NULL)
                        goto err_out;
 
-               strcpy(mapping->label, label);
+               strncpy(mapping->label, label, SMACK_LABEL_LEN);
 
                errno = 0;
                val = strtol(level, NULL, 10);