diff options
author | Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 02:28:48 +0200 |
---|---|---|
committer | Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 02:28:48 +0200 |
commit | f5f1e251131b6dd54b8f7bb9a31a7ef6e231a947 (patch) | |
tree | 1f3b85660d219ee811b462a69815e560c0006da9 | |
parent | bb225251d33fff921cc74df049864c0e4df4a7b1 (diff) |
More secure way to use strncat and strncpy
This ensure not data will be written out of bound
of the destination variable buffer
Change-Id: I4d736855f085fc5f728258c5928fed7191df46b4
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
-rw-r--r-- | filescan-utils.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/filescan-utils.c b/filescan-utils.c index 8a64e58..8a155cf 100644 --- a/filescan-utils.c +++ b/filescan-utils.c @@ -58,8 +58,8 @@ json_object* ScanForConfig (const char* searchPath, CtlScanDirModeT mode, const if (dirEnt->d_name[0]=='.' || dirEnt->d_name[0]=='_') continue; strncpy(newpath, searchPath, sizeof(newpath)); - strncat(newpath, "/", sizeof(newpath)-strlen(newpath)-1); - strncat(newpath, dirEnt->d_name, sizeof(newpath)-strlen(newpath)-1); + strncat(newpath, "/", sizeof(newpath) - strlen(newpath) - 1); + strncat(newpath, dirEnt->d_name, sizeof(newpath) - strlen(newpath) - 1); found += ScanDir(newpath); continue; } @@ -153,7 +153,7 @@ char *GetBindingDirPath(struct afb_dynapi *dynapi) if((len = readlink(fd_link, retdir, sizeof(retdir)-1)) == -1) { perror("lstat"); - strncpy(retdir, "/tmp", 4); + strncpy(retdir, "/tmp", CONTROL_MAXPATH_LEN - 1); } else { |