Module: kamailio Branch: master Commit: 73c66150c604326c07d454002c12cb221289936a URL: https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb2… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2024-03-01T09:55:16+01:00 influxdbc: copy with buffer size limit --- Modified: src/modules/influxdbc/ic.c --- Diff: https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb2… Patch: https://github.com/kamailio/kamailio/commit/73c66150c604326c07d454002c12cb2… --- diff --git a/src/modules/influxdbc/ic.c b/src/modules/influxdbc/ic.c index 09ab462ffcb..dc493619f28 100644 --- a/src/modules/influxdbc/ic.c +++ b/src/modules/influxdbc/ic.c @@ -107,7 +107,7 @@ void ic_influx_database(char *host, long port, he = gethostbyname(host); if(he == NULL) { - sprintf(errorbuf, + snprintf(errorbuf, 1024, "influx host=%s to ip address convertion failed " "gethostbyname(), bailing out\n", host); @@ -115,22 +115,24 @@ void ic_influx_database(char *host, long port, } /* this could return multiple ip addresses but we assume its the first one */ if(he->h_addr_list[0] != NULL) { - strcpy(influx_ip, - inet_ntoa(*(struct in_addr *)(he->h_addr_list[0]))); + strncpy(influx_ip, + inet_ntoa(*(struct in_addr *)(he->h_addr_list[0])), 16); + influx_ip[16] = '\0'; DEBUG fprintf(stderr, "ic_influx_by_hostname hostname=%s converted to ip " "address %s))\n", host, influx_ip); } else { - sprintf(errorbuf, + snprintf(errorbuf, 1024, "influx host=%s to ip address convertion failed (empty " "list), bailing out\n", host); error(errorbuf); } } else { - strcpy(influx_ip, - host); /* perhaps the hostname is actually an ip address */ + strncpy(influx_ip, host, + 16); /* perhaps the hostname is actually an ip address */ + influx_ip[16] = '\0'; } } } @@ -338,7 +340,7 @@ void ic_push() } for(i = 0; i < 1024; i++) /* empty the buffer */ result[i] = 0; - if((ret = read(sockfd, result, sizeof(result))) > 0) { + if((ret = read(sockfd, result, sizeof(result) - 1)) > 0) { result[ret] = 0; DEBUG fprintf( stderr, "received bytes=%d data=<%s>\n", ret, result);