From 03f941baecebb4ddaf49c3a59e7d884a3d3046da Mon Sep 17 00:00:00 2001 From: Tae-Jeong Lee Date: Wed, 30 Oct 2013 12:04:49 +0900 Subject: [PATCH] strncpy() fix in wrt-launcher against buffer overflow. [Issue#] N/A [Problem] Riskiness of buffer overflow. [Cause] The strncpy() was used incorrectly. [Solution] Fixed to refer proper buffer size in strncpy(). Change-Id: Ia543e0e181cb6ddb30c7df371caed366aa190e15 --- src/wrt-launcher/wrt-launcher.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/wrt-launcher/wrt-launcher.cpp b/src/wrt-launcher/wrt-launcher.cpp index 1079035..33297e5 100644 --- a/src/wrt-launcher/wrt-launcher.cpp +++ b/src/wrt-launcher/wrt-launcher.cpp @@ -40,6 +40,7 @@ #define WEBAPP_DEFAULT_GID 5000 #define LOGGING_DEFAULT_GID 6509 #define RETURN_ERROR -1 +#define BUF_SIZE 1024 static const char *program; @@ -238,8 +239,8 @@ int main(int argc, char* argv[]) { int next_opt, opt_idx = 0; int timeout = TIMEOUT_DEFAULT; - char applicationId[256] = ""; - char temp_arg[256] = ""; + char applicationId[BUF_SIZE] = ""; + char temp_arg[BUF_SIZE] = ""; char pid[6] = ""; char op = '\0'; bool isDebugMode = false; @@ -309,7 +310,8 @@ int main(int argc, char* argv[]) case 's': case 'k': case 'r': - strncpy(temp_arg, optarg, strlen(optarg)); + strncpy(temp_arg, optarg, BUF_SIZE); + temp_arg[BUF_SIZE-1] = '\0'; op = next_opt; break; @@ -362,7 +364,8 @@ int main(int argc, char* argv[]) } } if (!temp.empty()) { - strncpy(applicationId, temp.c_str(), strlen(temp.c_str())); + strncpy(applicationId, temp.c_str(), BUF_SIZE); + applicationId[BUF_SIZE-1] = '\0'; } else { printf("result: %s\n", "failed"); return -1; -- 2.7.4