From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 24 Nov 2012 03:52:54 +0000 (-0700)
Subject: ntlm_smb_lm_auth: better bounds checking
X-Git-Tag: SQUID_3_3_0_2~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba8866a3884c3a9e913c8f111be80fc653b72658;p=thirdparty%2Fsquid.git

ntlm_smb_lm_auth: better bounds checking

Protect against overflow of domain and domain controlleler FQDN buffers
leading to missing nul-termination string errors.

 Detected by Coverity Scan. Issue 740475.
---

diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
index f553016171..015d381f37 100644
--- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
+++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -183,8 +183,11 @@ make_challenge(char *domain, char *domain_controller)
 {
     /* trying to circumvent some strange problem wih pointers in SMBLib */
     /* Ugly as hell, but the lib is going to be dropped... */
-    strcpy(my_domain,domain);
-    strcpy(my_domain_controller,domain_controller);
+    strncpy(my_domain, domain, sizeof(my_domain)-1);
+    my_domain[sizeof(my_domain)-1] = '\0';
+    strncpy(my_domain_controller, domain_controller, sizeof(my_domain_controller)-1);
+    my_domain_controller[sizeof(my_domain_controller)-1] = '\0';
+
     if (init_challenge(my_domain, my_domain_controller) > 0) {
         return NULL;
     }