git:master:73c66150: influxdbc: copy with buffer size limit - sr-dev

1 Mar 2024

Module: kamailio
Branch: master
Commit: 73c66150c604326c07d454002c12cb221289936a
URL: https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb22...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2024-03-01T09:55:16+01:00
influxdbc: copy with buffer size limit
---
Modified: src/modules/influxdbc/ic.c
---
Diff:  https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb22...
Patch: https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb22...
---

diff --git a/src/modules/influxdbc/ic.c b/src/modules/influxdbc/ic.c
index 09ab462ffcb..dc493619f28 100644
--- a/src/modules/influxdbc/ic.c
+++ b/src/modules/influxdbc/ic.c
@@ -107,7 +107,7 @@ void ic_influx_database(char *host, long port,
he = gethostbyname(host);
    		if(he == NULL) {
-				sprintf(errorbuf,
+				snprintf(errorbuf, 1024,
    					"influx host=%s to ip address convertion failed "
    					"gethostbyname(), bailing out\n",
    					host);
@@ -115,22 +115,24 @@ void ic_influx_database(char *host, long port,
    		}
    		/* this could return multiple ip addresses but we assume its the first one */
    		if(he->h_addr_list[0] != NULL) {
-				strcpy(influx_ip,
-						inet_ntoa(*(struct in_addr *)(he->h_addr_list[0])));
+				strncpy(influx_ip,
+						inet_ntoa(*(struct in_addr *)(he->h_addr_list[0])), 16);
+				influx_ip[16] = '\0';
    			DEBUG fprintf(stderr,
    					"ic_influx_by_hostname hostname=%s converted to ip "
    					"address %s))\n",
    					host, influx_ip);
    		} else {
-				sprintf(errorbuf,
+				snprintf(errorbuf, 1024,
    					"influx host=%s to ip address convertion failed (empty "
    					"list), bailing out\n",
    					host);
    			error(errorbuf);
    		}
    	} else {
-			strcpy(influx_ip,
-					host); /* perhaps the hostname is actually an ip address */
+			strncpy(influx_ip, host,
+					16); /* perhaps the hostname is actually an ip address */
+			influx_ip[16] = '\0';
    	}
    }
 }
@@ -338,7 +340,7 @@ void ic_push()
    		}
    		for(i = 0; i < 1024; i++) /* empty the buffer */
    			result[i] = 0;
-			if((ret = read(sockfd, result, sizeof(result))) > 0) {
+			if((ret = read(sockfd, result, sizeof(result) - 1)) > 0) {
    			result[ret] = 0;
    			DEBUG fprintf(
    					stderr, "received bytes=%d data=<%s>\n", ret, result);

    