From 34107f7cdd3280949e3f32d38085f413968c686b Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 18 Nov 2012 00:12:58 -0700
Subject: [PATCH] ntlm_smb_lm_auth: better bounds checking

Protect against overflow of domain and domain controlleler FQDN buffers leading to missing nul-termination string errors. Detected by Coverity Scan. Issue 740475.
---
 helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
index f553016171..015d381f37 100644
--- a/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
+++ b/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -183,8 +183,11 @@ make_challenge(char *domain, char *domain_controller)
 {
 /* trying to circumvent some strange problem wih pointers in SMBLib */
 /* Ugly as hell, but the lib is going to be dropped... */
- strcpy(my_domain,domain);
- strcpy(my_domain_controller,domain_controller);
+ strncpy(my_domain, domain, sizeof(my_domain)-1);
+ my_domain[sizeof(my_domain)-1] = '\0';
+ strncpy(my_domain_controller, domain_controller, sizeof(my_domain_controller)-1);
+ my_domain_controller[sizeof(my_domain_controller)-1] = '\0';
+
 if (init_challenge(my_domain, my_domain_controller) > 0) {
 return NULL;
 }
--
2.47.3
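Review bot: The bounded copies in make_challenge silently truncate an over-long `domain` or `domain_controller`, so `init_challenge()` is then called with a name that differs from the one that was passed in. For an authentication helper it is safer to fail closed before copying, e.g. `if (strlen(domain) >= sizeof(my_domain) || strlen(domain_controller) >= sizeof(my_domain_controller)) return NULL;`, which reuses the NULL failure return already visible in the hunk. The `sizeof` bounds are only correct if `my_domain` and `my_domain_controller` are char arrays rather than pointers; their declarations are outside the hunk, so that should be confirmed. The body of make_challenge continues past the end of the hunk.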