Replace strncpy() with strlcpy() when parsing login time limit strings
from /etc/login.conf, or an unterminated string buffer could result.

Probably, login_times.c should reject excessively long time strings as
unparseable, rather than truncating, which might render an invalid
string valid.

Found with: Coverity Prevent (tm)
Reviewed by: csjp
MFC after: 3 days
parent c21f7757d2
commit ba183db70c
@ -72,7 +72,7 @@ parse_lt(const char * str)
|
||||
char buf[64];
|
||||
|
||||
/* Make local copy and force lowercase to simplify parsing */
|
||||
p = strncpy(buf, str, sizeof buf);
|
||||
p = strlcpy(buf, str, sizeof buf);
|
||||
buf[sizeof buf - 1] = '\0';
|
||||
for (i = 0; buf[i]; i++)
|
||||
buf[i] = (char)tolower(buf[i]);
|
||||
|
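Review bot: the changed line `p = strlcpy(buf, str, sizeof buf);` keeps an assignment that was written for strncpy(), but strlcpy() returns a size_t (the length of str), not a pointer to buf, so p no longer receives what it did before. If later code in parse_lt() uses p as a pointer into buf, drop the assignment here and set p from buf explicitly; otherwise store the result in a size_t. That return value is also the hook for what the commit message suggests: when it is >= sizeof buf the input was truncated, and the string can be rejected as unparseable instead of being parsed in shortened form. The context line `buf[sizeof buf - 1] = '\0';` is redundant after this change, since strlcpy() always NUL-terminates when the size is non-zero, and can be removed.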