http_get_nonce - fix possible buffer overflow - coverity

author Jaroslav Kysela <perex@perex.cz>

Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)

committer Jaroslav Kysela <perex@perex.cz>

Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)
author Jaroslav Kysela <perex@perex.cz>
Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)
committer Jaroslav Kysela <perex@perex.cz>
Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)
diff --git a/src/http.c b/src/http.c

index aa7fc5819d00239e547d8b0ec8e23d1917122e16..7ab3a7f04dcf14b20e92afde3b34a7664408ea28 100644 (file)
--- a/src/http.c
+++ b/src/http.c
@@ -256,7 +256,7 @@ static char *
  http_get_nonce(void)
  {
    struct http_nonce *n = calloc(1, sizeof(*n));
-  char stamp[32], *m;
+  char stamp[33], *m;
    int64_t mono;
  
    while (1) {
@@ -264,7 +264,8 @@ http_get_nonce(void)
      mono ^= 0xa1687211885fcd30LL;
      snprintf(stamp, sizeof(stamp), "%"PRId64, mono);
      m = md5sum(stamp, 1);
-    strcpy(n->nonce, m);
+    strncpy(n->nonce, m, sizeof(stamp));
+    n->nonce[sizeof(stamp)-1] = '\0';
      pthread_mutex_lock(&global_lock);
      if (RB_INSERT_SORTED(&http_nonces, n, link, http_nonce_cmp)) {
        pthread_mutex_unlock(&global_lock);
author	Jaroslav Kysela <perex@perex.cz>
	Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)
committer	Jaroslav Kysela <perex@perex.cz>
	Wed, 7 Dec 2016 13:29:02 +0000 (14:29 +0100)