From e2f9a08107548705a13e9f007814c4ad426aec48 Mon Sep 17 00:00:00 2001
From: Ondrej Holy
Date: Tue, 19 Dec 2017 12:21:34 +0100
Subject: [PATCH] tsmf: Prevent string overflow and unterminated strings

Device variable can overflow, or be unterminated. Replace strcpy by strncpy and be sure that the string is terminated (sizeof() - 1).
---
 channels/tsmf/client/alsa/tsmf_alsa.c | 2 +-
 channels/tsmf/client/oss/tsmf_oss.c | 2 +-
 channels/tsmf/client/pulse/tsmf_pulse.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/channels/tsmf/client/alsa/tsmf_alsa.c b/channels/tsmf/client/alsa/tsmf_alsa.c
index 02f3941..78a0a66 100644
--- a/channels/tsmf/client/alsa/tsmf_alsa.c
+++ b/channels/tsmf/client/alsa/tsmf_alsa.c
@@ -72,7 +72,7 @@ static BOOL tsmf_alsa_open(ITSMFAudioDevice *audio, const char *device)
 }
 else
 {
- strncpy(alsa->device, device, sizeof(alsa->device));
+ strncpy(alsa->device, device, sizeof(alsa->device) - 1);
 }
 return tsmf_alsa_open_device(alsa);
 }
diff --git a/channels/tsmf/client/oss/tsmf_oss.c b/channels/tsmf/client/oss/tsmf_oss.c
index 305f0ce..db88ddb 100644
--- a/channels/tsmf/client/oss/tsmf_oss.c
+++ b/channels/tsmf/client/oss/tsmf_oss.c
@@ -81,7 +81,7 @@ static BOOL tsmf_oss_open(ITSMFAudioDevice* audio, const char* device)
 }
 else
 {
- strncpy(oss->dev_name, device, sizeof(oss->dev_name));
+ strncpy(oss->dev_name, device, sizeof(oss->dev_name) - 1);
 }
 
 if ((oss->pcm_handle = open(oss->dev_name, O_WRONLY)) < 0)
diff --git a/channels/tsmf/client/pulse/tsmf_pulse.c b/channels/tsmf/client/pulse/tsmf_pulse.c
index b61f989..e6da925 100644
--- a/channels/tsmf/client/pulse/tsmf_pulse.c
+++ b/channels/tsmf/client/pulse/tsmf_pulse.c
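Review bot: The terminator in `alsa->device` is still implicit after this change: `strncpy(..., sizeof(alsa->device) - 1)` never writes the last byte, so the string is terminated only if that byte was already zero. Neither the allocation of the device struct nor whether `tsmf_alsa_open` can run twice on the same object is visible in this hunk. I would make it explicit by adding `alsa->device[sizeof(alsa->device) - 1] = '\0';` right after the copy, or by replacing the call with `snprintf(alsa->device, sizeof(alsa->device), "%s", device);`. The same applies to `oss->dev_name` in the tsmf_oss.c hunk and to `pulse->device` in the tsmf_pulse.c hunk. The function body starts above the hunk.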
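Review bot: A `device` string longer than the buffer is now cut silently, and the shortened `oss->dev_name` goes straight into `open(oss->dev_name, O_WRONLY)` a few lines later, so the client may open a different path than the one that was configured. Rejecting over-long names before the copy would be safer, e.g. `if (strlen(device) >= sizeof(oss->dev_name)) return FALSE;`. That assumes a plain FALSE return is the right failure path, since the start of `tsmf_oss_open` and any cleanup it needs are outside the hunk. The alsa hunk has the same shape, handing the possibly truncated name on through `tsmf_alsa_open_device(alsa)`.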
@@ -115,7 +115,7 @@ static BOOL tsmf_pulse_open(ITSMFAudioDevice *audio, const char *device)
 TSMFPulseAudioDevice *pulse = (TSMFPulseAudioDevice *) audio;
 if(device)
 {
- strcpy(pulse->device, device);
+ strncpy(pulse->device, device, sizeof(pulse->device) - 1);
 }
 pulse->mainloop = pa_threaded_mainloop_new();
 if(!pulse->mainloop)
-- 
2.7.4