Bug 730358 – gssdp-client: Use strncpy() instead of strcpy()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 730358 - gssdp-client: Use strncpy() instead of strcpy()


Summary:	gssdp-client: Use strncpy() instead of strcpy()


Status:	RESOLVED FIXED

Product:	gssdp
Classification:	Other
Component:	General
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GUPnP Maintainers
QA Contact:	GUPnP Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-05-19 09:15 UTC by Philip Withnall
Modified:	2019-02-22 09:30 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gssdp-client: Use strncpy() instead of strcpy() (999 bytes, patch) 2014-05-19 09:15 UTC, Philip Withnall	committed	Details \| Review

Description Philip Withnall 2014-05-19 09:15:32 UTC

Patch attached. I don't know if this issue is exploitable.

Comment 1 Philip Withnall 2014-05-19 09:15:38 UTC

Created attachment 276746 [details] [review]
gssdp-client: Use strncpy() instead of strcpy()

Limit the length of the string copied so a malicious interface name
cannot overwrite parts of the stack.

Coverity issue: #60337

Comment 2 Jens Georg 2014-05-20 06:40:27 UTC

Review of attachment 276746 [details] [review]:

+1

Comment 3 Philip Withnall 2014-05-20 09:46:16 UTC

Attachment 276746 [details] pushed as 4c07f41 - gssdp-client: Use strncpy() instead of strcpy()