[PATCH 2/7] Make sure strings copied by strncpy are null-terminated

Ondřej Lysoněk olysonek at redhat.com
Mon Aug 13 13:39:43 BST 2018 

Signed-off-by: Ondřej Lysoněk <olysonek at redhat.com>
---
 src/config.c  | 1 +
 src/dial.c    | 3 +++
 src/minicom.c | 3 +++
 src/script.c  | 2 ++
 src/updown.c  | 4 ++++
 5 files changed, 13 insertions(+)

diff --git a/src/config.c b/src/config.c
index 78b25aa..ea939c8 100644
--- a/src/config.c
+++ b/src/config.c
@@ -88,6 +88,7 @@ void read_parms(void)
   for (f = PROTO_BASE; f < MAXPROTO; f++) {
     if (P_PNAME(f)[0] && P_PIORED(f) != 'Y' && P_PIORED(f) != 'N') {
       strncpy(buf, P_PNAME(f) - 2, sizeof(buf));
+      buf[sizeof(buf) - 1] = '\0';
       strcpy(P_PNAME(f), buf);
       P_PIORED(f) = 'Y';
       P_PFULL(f) = 'N';
diff --git a/src/dial.c b/src/dial.c
index a90c1d2..a3337e5 100644
--- a/src/dial.c
+++ b/src/dial.c
@@ -829,8 +829,11 @@ static int v1_read(FILE *fp, struct dialent *d)
 
   memcpy(d->username, v1.username, sizeof(v1) - offsetof(struct v1_dialent, username));
   strncpy(d->name, v1.name, sizeof(d->name));
+  d->name[sizeof(d->name) - 1] = '\0';
   strncpy(d->number, v1.number, sizeof(d->number));
+  d->number[sizeof(d->number) - 1] = '\0';
   strncpy(d->script, v1.script, sizeof(d->script));
+  d->script[sizeof(d->script) - 1] = '\0';
   d->lastdate[0]=0;
   d->lasttime[0]=0;
   d->count=0;
diff --git a/src/minicom.c b/src/minicom.c
index 4eb47d4..50309e1 100644
--- a/src/minicom.c
+++ b/src/minicom.c
@@ -1208,6 +1208,7 @@ int main(int argc, char **argv)
           break;
         case 't': /* Terminal type */
           strncpy(termtype, optarg, sizeof(termtype));
+	  termtype[sizeof(termtype) - 1] = '\0';
 #ifdef __GLIBC__
           /* Bug in older libc's (< 4.5.26 I think) */
           if ((s = getenv("TERMCAP")) != NULL && *s != '/')
@@ -1322,7 +1323,9 @@ int main(int argc, char **argv)
     strncpy(homedir, pwd->pw_dir, sizeof(homedir));
   else
     strncpy(homedir, s, sizeof(homedir));
+  homedir[sizeof(homedir) - 1] = '\0';
   strncpy(username, pwd->pw_name, sizeof(username));
+  username[sizeof(username) - 1] = '\0';
 
   /* Get personal parameter file */
   snprintf(pparfile, sizeof(pparfile), "%s/.minirc.%s", homedir, use_port);
diff --git a/src/script.c b/src/script.c
index ee1284f..f7c4e3f 100644
--- a/src/script.c
+++ b/src/script.c
@@ -1099,12 +1099,14 @@ int main(int argc, char **argv)
 
   if (argc > 2) {
     strncpy(logfname, argv[2], sizeof(logfname));
+    logfname[sizeof(logfname) - 1] = '\0';
     if (argc > 3)
       strncpy(homedir, argv[3], sizeof(homedir));
     else if ((s = getenv("HOME")) != NULL)
       strncpy(homedir, s, sizeof(homedir));
     else
       homedir[0] = 0;
+    homedir[sizeof(homedir) - 1] = '\0';
   }
   else
     logfname[0] = 0;
diff --git a/src/updown.c b/src/updown.c
index 726328e..54442bb 100644
--- a/src/updown.c
+++ b/src/updown.c
@@ -386,6 +386,7 @@ void updown(int what, int nr)
             do_log("%s", trimbuf);
           } else if (!strncmp (buffirst, "Bytes", 5)) {
             strncpy (xfrstr, buf, sizeof(xfrstr));
+            xfrstr[sizeof(xfrstr) - 1] = '\0';
           }
           buffirst[0] = 0;
           trimbuf[0] = 0;
@@ -698,8 +699,11 @@ void runscript(int ask, const char *s, const char *l, const char *p)
     }
   } else {
     strncpy(scr_user, l, sizeof(scr_user));
+    scr_user[sizeof(scr_user) - 1] = '\0';
     strncpy(scr_name, s, sizeof(scr_name));
+    scr_name[sizeof(scr_name) - 1] = '\0';
     strncpy(scr_passwd, p, sizeof(scr_passwd));
+    scr_passwd[sizeof(scr_passwd) - 1] = '\0';
   }
   sprintf(scr_lines, "%d", (int) lines);  /* jl 13.09.97 */
 
-- 
2.14.4

More information about the minicom-devel mailing list