From 695564da74fe7c95802f5bf59e442e23a2d7cbbf Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>

Date: Mon, 13 Aug 2018 14:39:43 +0200

Subject: [PATCH 2/7] Make sure strings copied by strncpy are null-terminated

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Signed-off-by: Ondřej Lysoněk <olysonek@redhat.com>

---

 src/config.c  | 1 +

 src/dial.c    | 3 +++

 src/minicom.c | 3 +++

 src/script.c  | 2 ++

 src/updown.c  | 4 ++++

 5 files changed, 13 insertions(+)

diff --git a/src/config.c b/src/config.c

index 78b25aa..ea939c8 100644

--- a/src/config.c

+++ b/src/config.c

@@ -88,6 +88,7 @@ void read_parms(void)

   for (f = PROTO_BASE; f < MAXPROTO; f++) {

     if (P_PNAME(f)[0] && P_PIORED(f) != 'Y' && P_PIORED(f) != 'N') {

       strncpy(buf, P_PNAME(f) - 2, sizeof(buf));

+      buf[sizeof(buf) - 1] = '\0';

       strcpy(P_PNAME(f), buf);

       P_PIORED(f) = 'Y';

       P_PFULL(f) = 'N';

diff --git a/src/dial.c b/src/dial.c

index a90c1d2..a3337e5 100644

--- a/src/dial.c

+++ b/src/dial.c

@@ -829,8 +829,11 @@ static int v1_read(FILE *fp, struct dialent *d)

   memcpy(d->username, v1.username, sizeof(v1) - offsetof(struct v1_dialent, username));

   strncpy(d->name, v1.name, sizeof(d->name));

+  d->name[sizeof(d->name) - 1] = '\0';

   strncpy(d->number, v1.number, sizeof(d->number));

+  d->number[sizeof(d->number) - 1] = '\0';

   strncpy(d->script, v1.script, sizeof(d->script));

+  d->script[sizeof(d->script) - 1] = '\0';

   d->lastdate[0]=0;

   d->lasttime[0]=0;

   d->count=0;

diff --git a/src/minicom.c b/src/minicom.c

index 4eb47d4..876805a 100644

--- a/src/minicom.c

+++ b/src/minicom.c

@@ -1208,6 +1208,7 @@ int main(int argc, char **argv)

           break;

         case 't': /* Terminal type */

           strncpy(termtype, optarg, sizeof(termtype));

+          termtype[sizeof(termtype) - 1] = '\0';

 #ifdef __GLIBC__

           /* Bug in older libc's (< 4.5.26 I think) */

           if ((s = getenv("TERMCAP")) != NULL && *s != '/')

@@ -1322,7 +1323,9 @@ int main(int argc, char **argv)

     strncpy(homedir, pwd->pw_dir, sizeof(homedir));

   else

     strncpy(homedir, s, sizeof(homedir));

+  homedir[sizeof(homedir) - 1] = '\0';

   strncpy(username, pwd->pw_name, sizeof(username));

+  username[sizeof(username) - 1] = '\0';

   /* Get personal parameter file */

   snprintf(pparfile, sizeof(pparfile), "%s/.minirc.%s", homedir, use_port);

diff --git a/src/script.c b/src/script.c

index ee1284f..f7c4e3f 100644

--- a/src/script.c

+++ b/src/script.c

@@ -1099,12 +1099,14 @@ int main(int argc, char **argv)

   if (argc > 2) {

     strncpy(logfname, argv[2], sizeof(logfname));

+    logfname[sizeof(logfname) - 1] = '\0';

     if (argc > 3)

       strncpy(homedir, argv[3], sizeof(homedir));

     else if ((s = getenv("HOME")) != NULL)

       strncpy(homedir, s, sizeof(homedir));

     else

       homedir[0] = 0;

+    homedir[sizeof(homedir) - 1] = '\0';

   }

   else

     logfname[0] = 0;

diff --git a/src/updown.c b/src/updown.c

index 726328e..54442bb 100644

--- a/src/updown.c

+++ b/src/updown.c

@@ -386,6 +386,7 @@ void updown(int what, int nr)

             do_log("%s", trimbuf);

           } else if (!strncmp (buffirst, "Bytes", 5)) {

             strncpy (xfrstr, buf, sizeof(xfrstr));

+            xfrstr[sizeof(xfrstr) - 1] = '\0';

           }

           buffirst[0] = 0;

           trimbuf[0] = 0;

@@ -698,8 +699,11 @@ void runscript(int ask, const char *s, const char *l, const char *p)

     }

   } else {

     strncpy(scr_user, l, sizeof(scr_user));

+    scr_user[sizeof(scr_user) - 1] = '\0';

     strncpy(scr_name, s, sizeof(scr_name));

+    scr_name[sizeof(scr_name) - 1] = '\0';

     strncpy(scr_passwd, p, sizeof(scr_passwd));

+    scr_passwd[sizeof(scr_passwd) - 1] = '\0';

   }

   sprintf(scr_lines, "%d", (int) lines);  /* jl 13.09.97 */

-- 

2.14.4