[PATCH v3] util: add bounds check to util_get_{domain,username}

[PATCH v3] util: add bounds check to util_get_{domain,username}

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1133 bytes --]

Two cases were using strcpy, and the other two were using strncpy.
Instead all cases can use l_strlcpy which guarentees NULL termination.
---
 src/util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/util.c b/src/util.c
index f787ce6b..a38dd380 100644
--- a/src/util.c
+++ b/src/util.c
@@ -173,10 +173,10 @@ const char *util_get_domain(const char *identity)
 	for (c = identity; *c; c++) {
 		switch (*c) {
 		case '\\':
-			strncpy(domain, identity, c - identity);
+			memcpy(domain, identity, c - identity);
 			return domain;
 		case '@':
-			strcpy(domain, c + 1);
+			l_strlcpy(domain, c + 1, sizeof(domain));
 			return domain;
 		default:
 			continue;
@@ -197,10 +197,10 @@ const char *util_get_username(const char *identity)
 	for (c = identity; *c; c++) {
 		switch (*c) {
 		case '\\':
-			strcpy(username, c + 1);
+			l_strlcpy(username, c + 1, sizeof(username));
 			return username;
 		case '@':
-			strncpy(username, identity, c - identity);
+			memcpy(username, identity, c - identity);
 			return username;
 		default:
 			continue;
-- 
2.17.1

Re: [PATCH v3] util: add bounds check to util_get_{domain,username}

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 416 bytes --]

Hi James,

On 10/17/19 11:12 AM, James Prestwood wrote:
> Two cases were using strcpy, and the other two were using strncpy.
> Instead all cases can use l_strlcpy which guarentees NULL termination.
> ---
>   src/util.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 

I split this up into two commits and reworked the commit descriptions a bit.

Applied, thanks.

Regards,
-Denis