From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 30 Nov 2012 13:30:40 +0000 (-0700)
Subject: ntlm_smb_lm_auth: better bounds checking
X-Git-Tag: SQUID_3_2_4~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a69ec39987a397fde7bf61b17cbb52da83ac32c;p=thirdparty%2Fsquid.git

ntlm_smb_lm_auth: better bounds checking

Protect against overflow of domain and domain controlleler FQDN buffers
leading to missing nul-termination string errors.

 Detected by Coverity Scan. Issue 740475.
---

diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
index 0ff4491dc4..bf22c00047 100644
--- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
+++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -191,8 +191,11 @@ make_challenge(char *domain, char *domain_controller)
 {
     /* trying to circumvent some strange problem wih pointers in SMBLib */
     /* Ugly as hell, but the lib is going to be dropped... */
-    strcpy(my_domain,domain);
-    strcpy(my_domain_controller,domain_controller);
+    strncpy(my_domain, domain, sizeof(my_domain)-1);
+    my_domain[sizeof(my_domain)-1] = '\0';
+    strncpy(my_domain_controller, domain_controller, sizeof(my_domain_controller)-1);
+    my_domain_controller[sizeof(my_domain_controller)-1] = '\0';
+
     if (init_challenge(my_domain, my_domain_controller) > 0) {
         return NULL;
     }