[sr-dev] git:master:675f6c02: core: modparam use strncpy() for setting boundaries

Wed, 12 Jul 2023 15:18:28 -0700 

Module: kamailio
Branch: master
Commit: 675f6c0224897544d30f5f863c503499b2e5f2fe
URL: 
https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499b2e5f2fe

Author: Victor Seva <[email protected]>
Committer: Victor Seva <[email protected]>
Date: 2023-07-13T00:12:59+02:00

core: modparam use strncpy() for setting boundaries

* use strncat()

> https://github.com/kamailio/kamailio/security/code-scanning/1836
> https://github.com/kamailio/kamailio/security/code-scanning/1834

---

Modified: src/core/modparam.c
Modified: src/core/sr_module.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499b2e5f2fe.diff
Patch: 
https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499b2e5f2fe.patch

---

diff --git a/src/core/modparam.c b/src/core/modparam.c
index cf7957a16a9..46ea0169e53 100644
--- a/src/core/modparam.c
+++ b/src/core/modparam.c
@@ -72,7 +72,7 @@ int set_mod_param_regex(char *regex, char *name, modparam_t 
type, void *val)
 {
        struct sr_module *t;
        regex_t preg;
-       int mod_found, len;
+       int mod_found, len, len_param;
        char *reg;
        void *ptr, *val2;
        modparam_t param_type;
@@ -143,15 +143,15 @@ int set_mod_param_regex(char *regex, char *name, 
modparam_t type, void *val)
                                } else {
                                        switch(PARAM_TYPE_MASK(param_type)) {
                                                case PARAM_STRING:
-                                                       *((char **)ptr) =
-                                                                       
pkg_malloc(strlen((char *)val2) + 1);
+                                                       len_param = 
strlen((char *)val2);
+                                                       *((char **)ptr) = 
pkg_malloc(len_param + 1);
                                                        if(!*((char **)ptr)) {
                                                                PKG_MEM_ERROR;
                                                                regfree(&preg);
                                                                pkg_free(reg);
                                                                return -1;
                                                        }
-                                                       strcpy(*((char **)ptr), 
(char *)val2);
+                                                       strncpy(*((char 
**)ptr), (char *)val2, len_param);
                                                        break;
 
                                                case PARAM_STR:
diff --git a/src/core/sr_module.c b/src/core/sr_module.c
index 2c5b4f1852f..1b7ea7332d2 100644
--- a/src/core/sr_module.c
+++ b/src/core/sr_module.c
@@ -503,7 +503,7 @@ int ksr_locate_module(char *mod_path, char **new_path)
                                                len++;
                                        }
                                        path[len] = 0;
-                                       strcat(path, mod_path);
+                                       strncat(path, mod_path, 
strlen(mod_path));
 
                                        if(stat(path, &stat_buf) == -1) {
                                                LM_DBG("module file not found 
<%s>\n", path);

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to [email protected]

Reply via email to