[njs] Improved njs_ftw().

Dmitry Volyntsev Thu, 23 Dec 2021 05:31:54 -0800

details:   https://hg.nginx.org/njs/rev/9e1fd062a1d8
branches:  
changeset: 1779:9e1fd062a1d8
user:      Dmitry Volyntsev <xei...@nginx.com>
date:      Thu Dec 23 13:30:44 2021 +0000
description:
Improved njs_ftw().


Replacing strcpy() with memcpy() as the former is considered
insecure.

Found by Clang static analyzer.

diffstat:

 external/njs_fs.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r 82518ae9f209 -r 9e1fd062a1d8 external/njs_fs.c
--- a/external/njs_fs.c Wed Dec 22 17:22:14 2021 +0000
+++ b/external/njs_fs.c Thu Dec 23 13:30:44 2021 +0000
@@ -2153,7 +2153,7 @@ njs_ftw(char *path, njs_file_tree_walk_c
             }
 
             path[base] = '/';
-            strcpy(path + base + 1, d_name);
+            memcpy(&path[base + 1], d_name, length + sizeof("\0"));
 
             if (fd_limit != 0) {
                 ret = njs_ftw(path, cb, fd_limit - 1, flags, &trace);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Improved njs_ftw().

Reply via email to