From ba183db70cb228eaaaf4c5b0090ba2608b05d2c5 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Mon, 16 Jan 2006 00:52:20 +0000 Subject: [PATCH] Replace strncpy() with strlcpy() when parsing login time limit strings from /etc/login.conf, or an unterminated string buffer could result. Probably, login_times.c should reject excessively long time strings as unparseable, rather than truncating, which might render an invalid string valid. Found with: Coverity Prevent (tm) Reviewed by: csjp MFC after: 3 days --- lib/libutil/login_times.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libutil/login_times.c b/lib/libutil/login_times.c index 10e88dd5a5f3..fda358523a67 100644 --- a/lib/libutil/login_times.c +++ b/lib/libutil/login_times.c @@ -72,7 +72,7 @@ parse_lt(const char * str) char buf[64]; /* Make local copy and force lowercase to simplify parsing */ - p = strncpy(buf, str, sizeof buf); + p = strlcpy(buf, str, sizeof buf); buf[sizeof buf - 1] = '\0'; for (i = 0; buf[i]; i++) buf[i] = (char)tolower(buf[i]);