After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 730358 - gssdp-client: Use strncpy() instead of strcpy()
gssdp-client: Use strncpy() instead of strcpy()
Status: RESOLVED FIXED
Product: gssdp
Classification: Other
Component: General
unspecified
Other All
: Normal normal
: ---
Assigned To: GUPnP Maintainers
GUPnP Maintainers
Depends on:
Blocks:
 
 
Reported: 2014-05-19 09:15 UTC by Philip Withnall
Modified: 2019-02-22 09:30 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
gssdp-client: Use strncpy() instead of strcpy() (999 bytes, patch)
2014-05-19 09:15 UTC, Philip Withnall
committed Details | Review

Description Philip Withnall 2014-05-19 09:15:32 UTC
Patch attached. I don't know if this issue is exploitable.
Comment 1 Philip Withnall 2014-05-19 09:15:38 UTC
Created attachment 276746 [details] [review]
gssdp-client: Use strncpy() instead of strcpy()

Limit the length of the string copied so a malicious interface name
cannot overwrite parts of the stack.

Coverity issue: #60337
Comment 2 Jens Georg 2014-05-20 06:40:27 UTC
Review of attachment 276746 [details] [review]:

+1
Comment 3 Philip Withnall 2014-05-20 09:46:16 UTC
Attachment 276746 [details] pushed as 4c07f41 - gssdp-client: Use strncpy() instead of strcpy()