[sr-dev] git:master:77ca2e93: permissions: use strncpy() for setting boundaries

Wed, 12 Jul 2023 15:18:28 -0700 

Module: kamailio
Branch: master
Commit: 77ca2e93e945fe46783e953d58bc546d9d6d1b81
URL: 
https://github.com/kamailio/kamailio/commit/77ca2e93e945fe46783e953d58bc546d9d6d1b81

Author: Victor Seva <[email protected]>
Committer: Victor Seva <[email protected]>
Date: 2023-07-13T00:12:59+02:00

permissions: use strncpy() for setting boundaries

> https://github.com/kamailio/kamailio/security/code-scanning/2616
> https://github.com/kamailio/kamailio/security/code-scanning/1845

---

Modified: src/modules/permissions/parse_config.c
Modified: src/modules/permissions/rule.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/77ca2e93e945fe46783e953d58bc546d9d6d1b81.diff
Patch: 
https://github.com/kamailio/kamailio/commit/77ca2e93e945fe46783e953d58bc546d9d6d1b81.patch

---

diff --git a/src/modules/permissions/parse_config.c 
b/src/modules/permissions/parse_config.c
index 20fdf8b6c47..7bf0c95a4fc 100644
--- a/src/modules/permissions/parse_config.c
+++ b/src/modules/permissions/parse_config.c
@@ -1,7 +1,7 @@
 /*
  * PERMISSIONS module
  *
- * Copyright (C) 2003 Mikl?s Tirp?k ([email protected])
+ * Copyright (C) 2003 Mikl??s Tirp??k ([email protected])
  *
  * This file is part of Kamailio, a free SIP server.
  *
@@ -137,7 +137,7 @@ static int parse_expression(char *sv, expression **e, 
expression **e_exceptions)
                }
        } else {
                /* no exception */
-               strcpy(str2, sv);
+               strncpy(str2, sv, LINE_LENGTH);
                *e_exceptions = NULL;
        }
 
diff --git a/src/modules/permissions/rule.c b/src/modules/permissions/rule.c
index 3140acfe01f..f315d10d749 100644
--- a/src/modules/permissions/rule.c
+++ b/src/modules/permissions/rule.c
@@ -1,7 +1,7 @@
 /*
  * PERMISSIONS module
  *
- * Copyright (C) 2003 Mikl?s Tirp?k ([email protected])
+ * Copyright (C) 2003 Mikl??s Tirp??k ([email protected])
  *
  * This file is part of Kamailio, a free SIP server.
  *
@@ -148,7 +148,7 @@ expression *new_expression(char *sv)
                return 0;
        }
 
-       strcpy(e->value, sv);
+       strncpy(e->value, sv, EXPRESSION_LENGTH);
 
        e->reg_value = (regex_t *)pkg_malloc(sizeof(regex_t));
        if(!e->reg_value) {


_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to [email protected]

Reply via email to