diff options
author | Jindrich Novy <jnovy@redhat.com> | 2020-05-27 11:07:19 +0200 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2020-05-27 12:38:06 +0200 |
commit | 2d79c0b7d78e55624790a102fbd924a4259eef16 (patch) | |
tree | c90e31e0a0f7364a875fbd51d1fdbb846f8831f3 | |
parent | 0b83636e914a894b324836e3fb2f20a2f7599fc4 (diff) | |
download | slirp-2d79c0b7d78e55624790a102fbd924a4259eef16.zip slirp-2d79c0b7d78e55624790a102fbd924a4259eef16.tar.gz slirp-2d79c0b7d78e55624790a102fbd924a4259eef16.tar.bz2 |
Use secure string copy to avoid overflow
Error: STRING_OVERFLOW (CWE-120): [#def2]
libslirp-4.3.0/src/ip_icmp.c:277: fixed_size_dest: You might overrun the 20-character fixed-size string "bufa" by copying the return value of "inet_ntoa" without checking the length.
275| if (slirp_debug & DBG_MISC) {
276| char bufa[20], bufb[20];
277|-> strcpy(bufa, inet_ntoa(ip->ip_src));
278| strcpy(bufb, inet_ntoa(ip->ip_dst));
279| DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
Error: STRING_OVERFLOW (CWE-120): [#def3]
libslirp-4.3.0/src/ip_icmp.c:278: fixed_size_dest: You might overrun the 20-character fixed-size string "bufb" by copying the return value of "inet_ntoa" without checking the length.
276| char bufa[20], bufb[20];
277| strcpy(bufa, inet_ntoa(ip->ip_src));
278|-> strcpy(bufb, inet_ntoa(ip->ip_dst));
279| DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
280| }
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-rw-r--r-- | src/ip_icmp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ip_icmp.c b/src/ip_icmp.c index 7533595..13a0e55 100644 --- a/src/ip_icmp.c +++ b/src/ip_icmp.c @@ -277,8 +277,8 @@ void icmp_send_error(struct mbuf *msrc, uint8_t type, uint8_t code, int minsize, ip = mtod(msrc, struct ip *); if (slirp_debug & DBG_MISC) { char bufa[20], bufb[20]; - strcpy(bufa, inet_ntoa(ip->ip_src)); - strcpy(bufb, inet_ntoa(ip->ip_dst)); + slirp_pstrcpy(bufa, sizeof(bufa), inet_ntoa(ip->ip_src)); + slirp_pstrcpy(bufb, sizeof(bufb), inet_ntoa(ip->ip_dst)); DEBUG_MISC(" %.16s to %.16s", bufa, bufb); } if (ip->ip_off & IP_OFFMASK) |