Changeset 927d0c70c763dcf56e6f12ebe02a51688468a5c3 for src/rh-ipset.c

Timestamp:

06/08/09 21:12:46 (3 years ago)

Author:

Neutron Soutmun <neo.neutron@…>

Children:

bae014d9f22e13f6115d53d154e6489f20ae00e4

Parents:

5987af1b79b0c1fbd4aa9d30a53ec6879853ece3

git-committer:

Neutron Soutmun <neo.neutron@…> (06/08/09 21:12:46)

Message:

Follow the flawfinder guideline

• Reduce the vulnerability code by follow the advice of flawfinder.
• Just finish one of the TODO lists.

Files:

• src/rh-ipset.c (modified) (5 diffs)

src/rh-ipset.c

@@ -122 +122 @@
   req_adt_get.op = IP_SET_OP_ADT_GET;
   req_adt_get.version = IP_SET_PROTOCOL_VERSION;
-  strcpy(req_adt_get.set.name, name);
+  strncpy(req_adt_get.set.name, name, IP_SET_MAXNAMELEN);
   size = sizeof(struct ip_set_req_adt_get);
 
@@ -150 +150 @@
 {
   unsigned int i = 0;
+  if (!mac)
+    return;
+
   if (strlen(mac) != ETH_ALEN * 3 - 1)
     return;
@@ -181 +184 @@
   static char mac_string[18] = "";
  
-  sprintf(mac_string, "%02X:%02X:%02X:%02X:%02X:%02X", 
+  snprintf(mac_string, sizeof (mac_string), "%02X:%02X:%02X:%02X:%02X:%02X", 
           macaddress[0], macaddress[1], macaddress[2],
           macaddress[3], macaddress[4], macaddress[5]);
@@ -261 +264 @@
   req.op = IP_SET_OP_FLUSH;
   req.version = IP_SET_PROTOCOL_VERSION;
-  strcpy(req.name, name);
+  strncpy(req.name, name, IP_SET_MAXNAMELEN);
 
   kernel_sendto(&req, sizeof(struct ip_set_req_std));
@@ -288 +291 @@
   req_max_sets.op = IP_SET_OP_MAX_SETS;
   req_max_sets.version = IP_SET_PROTOCOL_VERSION;
-  strcpy(req_max_sets.set.name, name);
+  strncpy(req_max_sets.set.name, name, IP_SET_MAXNAMELEN);
   size = sizeof(req_max_sets);
   kernel_getfrom(&req_max_sets, &size);