Algorithm names are not always static anymore, avoid string overflows
authorTobias Brunner <tobias@strongswan.org>
Fri, 28 Sep 2012 14:42:50 +0000 (16:42 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 28 Sep 2012 14:49:05 +0000 (16:49 +0200)
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c

index d8fefdb..2c439ad 100644 (file)
@@ -1263,7 +1263,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                        algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
                        algo->alg_key_len = enc_key.len * 8;
                        algo->alg_icv_len = icv_size;
                        algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
                        algo->alg_key_len = enc_key.len * 8;
                        algo->alg_icv_len = icv_size;
-                       strcpy(algo->alg_name, alg_name);
+                       strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
+                       algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
                        memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
 
                        rthdr = XFRM_RTA_NEXT(rthdr);
                        memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
 
                        rthdr = XFRM_RTA_NEXT(rthdr);
@@ -1293,7 +1294,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 
                        algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                        algo->alg_key_len = enc_key.len * 8;
 
                        algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                        algo->alg_key_len = enc_key.len * 8;
-                       strcpy(algo->alg_name, alg_name);
+                       strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
+                       algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
                        memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
 
                        rthdr = XFRM_RTA_NEXT(rthdr);
                        memcpy(algo->alg_key, enc_key.ptr, enc_key.len);
 
                        rthdr = XFRM_RTA_NEXT(rthdr);
@@ -1347,7 +1349,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                        algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
                        algo->alg_key_len = int_key.len * 8;
                        algo->alg_trunc_len = trunc_len;
                        algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
                        algo->alg_key_len = int_key.len * 8;
                        algo->alg_trunc_len = trunc_len;
-                       strcpy(algo->alg_name, alg_name);
+                       strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
+                       algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
                        memcpy(algo->alg_key, int_key.ptr, int_key.len);
                }
                else
                        memcpy(algo->alg_key, int_key.ptr, int_key.len);
                }
                else
@@ -1365,7 +1368,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 
                        algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                        algo->alg_key_len = int_key.len * 8;
 
                        algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                        algo->alg_key_len = int_key.len * 8;
-                       strcpy(algo->alg_name, alg_name);
+                       strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
+                       algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
                        memcpy(algo->alg_key, int_key.ptr, int_key.len);
                }
                rthdr = XFRM_RTA_NEXT(rthdr);
                        memcpy(algo->alg_key, int_key.ptr, int_key.len);
                }
                rthdr = XFRM_RTA_NEXT(rthdr);
@@ -1393,7 +1397,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 
                struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                algo->alg_key_len = 0;
 
                struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
                algo->alg_key_len = 0;
-               strcpy(algo->alg_name, alg_name);
+               strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name));
+               algo->alg_name[sizeof(algo->alg_name) - 1] = '\0';
 
                rthdr = XFRM_RTA_NEXT(rthdr);
        }
 
                rthdr = XFRM_RTA_NEXT(rthdr);
        }