ntlm_smb_lm_auth: better bounds checking
authorAmos Jeffries <squid3@treenet.co.nz>
Fri, 30 Nov 2012 13:30:40 +0000 (06:30 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Fri, 30 Nov 2012 13:30:40 +0000 (06:30 -0700)
Protect against overflow of domain and domain controller FQDN buffers
leading to missing nul-termination string errors.

 Detected by Coverity Scan. Issue 740475.

helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc

index 0ff4491dc45fbda2019a0e78d16f1677418fd863..bf22c00047651fbf01a722ccd834b672dcbbb33f 100644 (file)
@@ -191,8 +191,11 @@ make_challenge(char *domain, char *domain_controller)
 {
     /* trying to circumvent some strange problem wih pointers in SMBLib */
     /* Ugly as hell, but the lib is going to be dropped... */
-    strcpy(my_domain,domain);
-    strcpy(my_domain_controller,domain_controller);
+    strncpy(my_domain, domain, sizeof(my_domain)-1);
+    my_domain[sizeof(my_domain)-1] = '\0';
+    strncpy(my_domain_controller, domain_controller, sizeof(my_domain_controller)-1);
+    my_domain_controller[sizeof(my_domain_controller)-1] = '\0';
+
     if (init_challenge(my_domain, my_domain_controller) > 0) {
         return NULL;
     }