[sr-dev] git:master:7e8a70e9: jsonrcps: use strncpy() for setting boundaries

[Victor Seva]

Module: kamailio
Branch: master
Commit: 7e8a70e9bf3d0b52eae1b7933633095686f234b2
URL: 
https://github.com/kamailio/kamailio/commit/7e8a70e9bf3d0b52eae1b7933633095686f234b2

Author: Victor Seva <linuxman...@torreviejawireless.org>
Committer: Victor Seva <linuxman...@torreviejawireless.org>
Date: 2023-07-13T00:12:59+02:00

jsonrcps: use strncpy() for setting boundaries

* use strncat()

> https://github.com/kamailio/kamailio/security/code-scanning/2381
> https://github.com/kamailio/kamailio/security/code-scanning/2380
> https://github.com/kamailio/kamailio/security/code-scanning/1843
> https://github.com/kamailio/kamailio/security/code-scanning/1841

---

Modified: src/modules/jsonrpcs/jsonrpcs_fifo.c
Modified: src/modules/jsonrpcs/jsonrpcs_sock.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/7e8a70e9bf3d0b52eae1b7933633095686f234b2.diff
Patch: 
https://github.com/kamailio/kamailio/commit/7e8a70e9bf3d0b52eae1b7933633095686f234b2.patch

---

diff --git a/src/modules/jsonrpcs/jsonrpcs_fifo.c 
b/src/modules/jsonrpcs/jsonrpcs_fifo.c
index f6ff7049890..906deb03334 100644
--- a/src/modules/jsonrpcs/jsonrpcs_fifo.c
+++ b/src/modules/jsonrpcs/jsonrpcs_fifo.c
@@ -560,10 +560,10 @@ int jsonrpc_fifo_mod_init(void)
                                LM_ERR("no more pkg\n");
                                return -1;
                        }
-                       strcpy(p, runtime_dir);
+                       strncpy(p, runtime_dir, len);
                        if(sep)
                                strcat(p, "/");
-                       strcat(p, jsonrpc_fifo);
+                       strncat(p, jsonrpc_fifo, len - strlen(runtime_dir) - 
sep);
                        jsonrpc_fifo = p;
                        LM_DBG("fifo path is [%s]\n", jsonrpc_fifo);
                }
diff --git a/src/modules/jsonrpcs/jsonrpcs_sock.c 
b/src/modules/jsonrpcs/jsonrpcs_sock.c
index 4c6eb028a69..c73687a8239 100644
--- a/src/modules/jsonrpcs/jsonrpcs_sock.c
+++ b/src/modules/jsonrpcs/jsonrpcs_sock.c
@@ -205,10 +205,10 @@ int jsonrpc_dgram_mod_init(void)
                                LM_ERR("no more pkg\n");
                                return -1;
                        }
-                       strcpy(p, runtime_dir);
+                       strncpy(p, runtime_dir, len);
                        if(sep)
                                strcat(p, "/");
-                       strcat(p, jsonrpc_dgram_socket);
+                       strncat(p, jsonrpc_dgram_socket, len - 
strlen(runtime_dir) - sep);
                        jsonrpc_dgram_socket = p;
                        LM_DBG("unix socket path is [%s]\n", 
jsonrpc_dgram_socket);
                }

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org