From 7e5f8ed7bc862ef56b4ae5c5c26b833b801e1ad5 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Sat, 26 May 2018 11:44:30 +0200
Subject: Avoid buffer overrun in config_parse_str()

The previous implementation only read a prefix from the configuration file if the configuration value was too long and forgot to terminate the string with a NUL character. Return 0 if the string is too long instead.

Signed-off-by: Lukas Fleischer
---
 src/config.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/config.c b/src/config.c
index 3221f23..8dbfa31 100644
--- a/src/config.c
+++ b/src/config.c
@@ -162,7 +162,12 @@ static int config_parse_int(int *dest, const char *val)
 
 static int config_parse_str(char *dest, const char *val)
 {
- strncpy(dest, val, BUFSIZ);
+ int len = strlen(val);
+
+ if (len >= BUFSIZ)
+ return 0;
+
+ memcpy(dest, val, len + 1);
 return 1;
 }
 
-- 
cgit v1.2.3-54-g00ecf
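Review bot: In config_parse_str(), `int len = strlen(val);` narrows a size_t to int, so a value longer than INT_MAX could leave len negative, pass the `len >= BUFSIZ` check, and reach memcpy() with a huge size once `len + 1` is converted back to size_t. The config reader may already bound line length, but that is not visible in this hunk; `size_t len = strlen(val);` keeps the comparison and the copy length in one unsigned type and removes the dependency. The bound also assumes every `dest` passed in is at least BUFSIZ bytes, which the function signature cannot enforce and the callers (outside the hunk) are not shown to guarantee; a contract comment such as `/* dest must point to a buffer of at least BUFSIZ bytes */` above the function would make that explicit. Callers should also be checked to confirm they treat the new 0 return as a parse failure rather than using a stale `dest`.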