GNOME Bugzilla – Bug 764677
gssdp-client: Fix potential strncpy() buffer overflow
Last modified: 2019-02-22 09:29:25 UTC
This was introduced with commit f81a63fef856180029508268b2c2f6320a99a984 which references bug #653894, but that looks totally unrelated so I’ve opened a new bug for this fix. This was spotted by Coverity — Jens, you should listen for the Coverity report e-mails. :-)
Created attachment 325475
gssdp-client: Fix potential strncpy() buffer overflow

strncpy() does not append a nul terminator if the input string is at least as long as the output buffer length — so you must always reserve space in the output buffer for a nul terminator. The req structure was previously memset() to zero, so a nul terminator is present in arp_dev already.

Spotted by Coverity (CID: 143731).
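The behaviour described in the commit message above, as an added example that is not part of the original bug report or the gssdp source: a zeroed field keeps its terminator only if strncpy() is given one byte less than the field size. The struct `fake_req`, the 16-byte field size, the helper `copy_ifname()` and the interface names are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_LEN 16 /* assumed field size for this demo */

/* Hypothetical stand-in for the request structure, not the gssdp code. */
struct fake_req {
    char arp_dev[DEV_LEN];
};

/* memset() the request to zero, then strncpy() the name with the given
 * bound. Returns 1 if arp_dev contains a NUL terminator, 0 if not. */
int copy_ifname(struct fake_req *req, const char *ifname, size_t bound)
{
    memset(req, 0, sizeof(*req));
    strncpy(req->arp_dev, ifname, bound);
    /* memchr() stays inside the field, unlike strlen() on an
     * unterminated buffer. */
    return memchr(req->arp_dev, '\0', sizeof(req->arp_dev)) != NULL;
}

int main(void)
{
    struct fake_req req;
    /* Constructed sample names: 4 and exactly DEV_LEN characters. */
    const char *names[] = { "eth0", "bridge-uplink-01" };

    for (size_t i = 0; i < 2; i++) {
        int full = copy_ifname(&req, names[i], sizeof(req.arp_dev));
        int reserved = copy_ifname(&req, names[i], sizeof(req.arp_dev) - 1);
        printf("%-16s bound=sizeof: %s, bound=sizeof-1: %s\n", names[i],
               full ? "terminated" : "NOT terminated",
               reserved ? "terminated" : "NOT terminated");
    }
    return 0;
}
```

With the reserved byte, an over-long name is silently truncated to 15 characters, so a caller that needs the exact name should compare lengths before using the result.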
That would work if I wouldn't have spent the whole day in meetings :)
(In reply to Jens Georg from comment #2)
> That would work if I wouldn't have spent the whole day in meetings :)

:-( Ack or nack on the patch?
Review of attachment 325475: Sorry +1
Attachment 325475 pushed as 67769db - gssdp-client: Fix potential strncpy() buffer overflow