From 1c195ab280da561f38e54449e4eb3d6882c69b3b Mon Sep 17 00:00:00 2001
From: Johan Hedberg <johan.hedberg@nokia.com>
Date: Wed, 25 Feb 2009 17:48:40 +0200
Subject: Fix strncpy length parameters to avoid non-nul-terminated strings

---
 network/bridge.c     | 2 +-
 network/common.c     | 4 ++--
 network/connection.c | 4 ++--
 network/server.c     | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'network')

diff --git a/network/bridge.c b/network/bridge.c
index 7d84349e..995da5c9 100644
--- a/network/bridge.c
+++ b/network/bridge.c
@@ -120,7 +120,7 @@ int bridge_add_interface(int id, const char *dev)
 		return -ENODEV;
 
 	memset(&ifr, 0, sizeof(ifr));
-	strncpy(ifr.ifr_name, name, IFNAMSIZ);
+	strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
 	ifr.ifr_ifindex = ifindex;
 
 	err = ioctl(bridge_socket, SIOCBRADDIF, &ifr);
diff --git a/network/common.c b/network/common.c
index 371d74bf..f8967afd 100644
--- a/network/common.c
+++ b/network/common.c
@@ -262,7 +262,7 @@ int bnep_if_up(const char *devname, uint16_t id)
 
 	sd = socket(AF_INET6, SOCK_DGRAM, 0);
 	memset(&ifr, 0, sizeof(ifr));
-	strncpy(ifr.ifr_name, devname, IF_NAMESIZE);
+	strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1);
 
 	ifr.ifr_flags |= IFF_UP;
 	ifr.ifr_flags |= IFF_MULTICAST;
@@ -352,7 +352,7 @@ int bnep_if_down(const char *devname)
 done:
 	sd = socket(AF_INET6, SOCK_DGRAM, 0);
 	memset(&ifr, 0, sizeof(ifr));
-	strncpy(ifr.ifr_name, devname, IF_NAMESIZE);
+	strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1);
 
 	ifr.ifr_flags &= ~IFF_UP;
 
diff --git a/network/connection.c b/network/connection.c
index bc693aba..843a57a7 100644
--- a/network/connection.c
+++ b/network/connection.c
@@ -169,7 +169,7 @@ static gboolean bnep_watchdog_cb(GIOChannel *chan, GIOCondition cond,
 	bnep_if_down(nc->dev);
 	nc->state = DISCONNECTED;
 	memset(nc->dev, 0, 16);
-	strncpy(nc->dev, prefix, strlen(prefix));
+	strncpy(nc->dev, prefix, sizeof(nc->dev) - 1);
 	g_io_channel_shutdown(chan, TRUE, NULL);
 
 	return FALSE;
@@ -625,7 +625,7 @@ int connection_register(const char *path, bdaddr_t *src, bdaddr_t *dst,
 	nc = g_new0(struct network_conn, 1);
 	nc->id = id;
 	memset(nc->dev, 0, 16);
-	strncpy(nc->dev, prefix, strlen(prefix));
+	strncpy(nc->dev, prefix, sizeof(nc->dev) - 1);
 	nc->state = DISCONNECTED;
 	nc->peer = peer;
 
diff --git a/network/server.c b/network/server.c
index af1a8664..77a1f4b8 100644
--- a/network/server.c
+++ b/network/server.c
@@ -283,7 +283,7 @@ static int server_connadd(struct network_server *ns,
 		return -EPERM;
 
 	memset(devname, 0, 16);
-	strncpy(devname, prefix, strlen(prefix));
+	strncpy(devname, prefix, sizeof(devname) - 1);
 
 	nsk = g_io_channel_unix_get_fd(session->io);
 	err = bnep_connadd(nsk, dst_role, devname);
-- 
cgit