From 1a413b5b4e6f74af310c153c84686e02d3834127 Mon Sep 17 00:00:00 2001 From: Ondrej Holy Date: Fri, 17 Aug 2018 16:25:20 +0200 Subject: [PATCH] core/tcp: Prevent buffer overflow found by covscan buffer_size_warning: Calling strncpy with a maximum size argument of 108 bytes on destination array "addr.sun_path" of size 108 bytes might leave the destination string unterminated. --- libfreerdp/core/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c index 6db9e4e..45c3ed5 100644 --- a/libfreerdp/core/tcp.c +++ b/libfreerdp/core/tcp.c @@ -736,7 +736,7 @@ static int freerdp_uds_connect(const char* path) #ifndef _WIN32 int status; int sockfd; - struct sockaddr_un addr; + struct sockaddr_un addr = { 0 }; sockfd = socket(AF_UNIX, SOCK_STREAM, 0); if (sockfd == -1) @@ -746,7 +746,7 @@ static int freerdp_uds_connect(const char* path) } addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, path, sizeof(addr.sun_path)); + strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1); status = connect(sockfd, (struct sockaddr*) &addr, sizeof(addr)); if (status < 0) -- 2.7.4