Module: kamailio Branch: master Commit: 675f6c0224897544d30f5f863c503499b2e5f2fe URL: https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499...
Author: Victor Seva linuxmaniac@torreviejawireless.org Committer: Victor Seva linuxmaniac@torreviejawireless.org Date: 2023-07-13T00:12:59+02:00
core: modparam use strncpy() for setting boundaries
* use strncat()
https://github.com/kamailio/kamailio/security/code-scanning/1836 https://github.com/kamailio/kamailio/security/code-scanning/1834
---
Modified: src/core/modparam.c Modified: src/core/sr_module.c
---
Diff: https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499... Patch: https://github.com/kamailio/kamailio/commit/675f6c0224897544d30f5f863c503499...
---
diff --git a/src/core/modparam.c b/src/core/modparam.c index cf7957a16a9..46ea0169e53 100644 --- a/src/core/modparam.c +++ b/src/core/modparam.c @@ -72,7 +72,7 @@ int set_mod_param_regex(char *regex, char *name, modparam_t type, void *val) { struct sr_module *t; regex_t preg; - int mod_found, len; + int mod_found, len, len_param; char *reg; void *ptr, *val2; modparam_t param_type; @@ -143,15 +143,15 @@ int set_mod_param_regex(char *regex, char *name, modparam_t type, void *val) } else { switch(PARAM_TYPE_MASK(param_type)) { case PARAM_STRING: - *((char **)ptr) = - pkg_malloc(strlen((char *)val2) + 1); + len_param = strlen((char *)val2); + *((char **)ptr) = pkg_malloc(len_param + 1); if(!*((char **)ptr)) { PKG_MEM_ERROR; regfree(&preg); pkg_free(reg); return -1; } - strcpy(*((char **)ptr), (char *)val2); + strncpy(*((char **)ptr), (char *)val2, len_param); break;
case PARAM_STR: diff --git a/src/core/sr_module.c b/src/core/sr_module.c index 2c5b4f1852f..1b7ea7332d2 100644 --- a/src/core/sr_module.c +++ b/src/core/sr_module.c @@ -503,7 +503,7 @@ int ksr_locate_module(char *mod_path, char **new_path) len++; } path[len] = 0; - strcat(path, mod_path); + strncat(path, mod_path, strlen(mod_path));
if(stat(path, &stat_buf) == -1) { LM_DBG("module file not found <%s>\n", path);