Merge pull request #4 from ValdikSS/bufferoverflows

Fix buffer overflows in argument parser
2025-12-16 19:40:58 +01:00 · 2017-04-12 20:49:27 +02:00
parent 0fd7aea843 9af1b201f6
commit 3573e2f5c6
1 changed files with 11 additions and 5 deletions
--- a/udpxd.c
+++ b/udpxd.c
@@ -176,21 +176,27 @@ int main ( int argc, char* argv[] ) {
      }
      break;
    case 'b':
+      srcip = malloc(INET6_ADDRSTRLEN+1);
      if(strlen(optarg) > INET6_ADDRSTRLEN) {
        fprintf(stderr, "Bind ip address is too long!\n");
        err = 1;
      }
-      srcip = malloc(INET6_ADDRSTRLEN+1);
-      strncpy(srcip, optarg, strlen(optarg));
+      else {
+        strncpy(srcip, optarg, INET6_ADDRSTRLEN);
+        srcip[INET6_ADDRSTRLEN-1] = '\0';
+      }
      break;
    case 'p':
-      strncpy(pidfile, optarg, strlen(optarg));
+      strncpy(pidfile, optarg, MAX_BUFFER_SIZE);
+      pidfile[MAX_BUFFER_SIZE-1] = '\0';
      break;
    case 'u':
-      strncpy(user, optarg, strlen(optarg));
+      strncpy(user, optarg, 128);
+      user[128-1] = '\0';
      break;
    case 'c':
-      strncpy(chroot, optarg, strlen(optarg));
+      strncpy(chroot, optarg, MAX_BUFFER_SIZE);
+      chroot[MAX_BUFFER_SIZE-1] = '\0';
      break;
    default:
      usage();