Re: [PATCH spice-server] red-stream-device: Fix "make syntax-check"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 30, 2019 at 03:13:06PM +0000, Frediano Ziglio wrote:
> Avoid using strncpy, considered not secure.
> In this case a simple memcpy is used, we are going to terminate
> the string in any case on the next line.
> 
> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> ---
>  server/red-stream-device.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/server/red-stream-device.c b/server/red-stream-device.c
> index 440b2689..2a210cc7 100644
> --- a/server/red-stream-device.c
> +++ b/server/red-stream-device.c
> @@ -330,9 +330,9 @@ handle_msg_device_display_info(StreamDevice *dev, SpiceCharDeviceInstance *sin)
>          return true;
>      }
>  
> -    strncpy(dev->device_display_info.device_address,
> -            (char*) display_info_msg->device_address,
> -            device_address_len);
> +    memcpy(dev->device_display_info.device_address,
> +           (char*) display_info_msg->device_address,
> +           device_address_len);

I'd use g_strlcpy instead, as by using memcpy, it's no longer obvious
that display_info_msg->device_address is not expected to contain null
bytes.

Christophe

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel

[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]