fixing coverity found defects - copying into fixed size buffer

(cherry picked from commit 92a7361) (cherry picked from commit c9aaae3)
OpenSIPS · Jan 18, 2016 · 94a5ab2 · 94a5ab2
1 parent cc00f6c
commit 94a5ab2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/modules/ldap/iniparser.c b/modules/ldap/iniparser.c
@@ -546,6 +546,7 @@ output file pointers.
 
 	/* iniparser.c.c following */
 #define ASCIILINESZ         1024
+#define LONGKEYBUFF         2*ASCIILINESZ+1
 #define INI_INVALID_KEY     ((char*)-1)
 
 	/* Private: add an entry to the dictionary */
@@ -555,13 +556,15 @@ output file pointers.
 	char * key,
 	char * val)
 	{
-		char longkey[2*ASCIILINESZ+1];
+		char longkey[LONGKEYBUFF];
 
 		/* Make a key as section:keyword */
 		if (key!=NULL) {
-			sprintf(longkey, "%s:%s", sec, key);
+			snprintf(longkey, LONGKEYBUFF, "%s:%s", sec, key);
 		} else {
-			strcpy(longkey, sec);
+			size_t len = strlen(sec);
+			longkey[LONGKEYBUFF-1]=0;
+			strncpy(longkey, sec, len >= LONGKEYBUFF ? LONGKEYBUFF-1 : len);
 		}
 
 		/* Add (key,val) to dictionary */

diff --git a/modules/siptrace/siptrace.c b/modules/siptrace/siptrace.c
@@ -1288,7 +1288,7 @@ static void trace_onreply_in(struct cell* t, int type, struct tmcb_params *ps)
 	struct sip_msg* req;
 	int_str        avp_value;
 	struct usr_avp *avp;
-	char statusbuf[8];
+	char statusbuf[INT2STR_MAX_LEN];
 	int len;
 
 	if(t==NULL || t->uas.request==0 || ps==NULL)
@@ -1345,7 +1345,9 @@ static void trace_onreply_in(struct cell* t, int type, struct tmcb_params *ps)
 	db_vals[2].val.str_val.s = t->method.s;
 	db_vals[2].val.str_val.len = t->method.len;
 
-	strcpy(statusbuf, int2str(ps->code, &len));
+	char * str_code = int2str(ps->code, &len);
+	statusbuf[INT2STR_MAX_LEN-1]=0;
+	strncpy(statusbuf, str_code, len >= INT2STR_MAX_LEN ? INT2STR_MAX_LEN-1 : len);
 	db_vals[3].val.str_val.s = statusbuf;
 	db_vals[3].val.str_val.len = len;
 
@@ -1596,7 +1598,9 @@ static void trace_sl_onreply_out( unsigned int types, struct sip_msg* req,
 			&msg->rcv.dst_ip, msg->rcv.dst_port, msg->rcv.proto);
 	}
 
-	strcpy(statusbuf, int2str(sl_param->code, &len));
+	char * str_code = int2str(sl_param->code, &len);
+	statusbuf[INT2STR_MAX_LEN-1]=0;
+	strncpy(statusbuf, str_code, len >= INT2STR_MAX_LEN ? INT2STR_MAX_LEN-1 : len);
 	db_vals[3].val.str_val.s = statusbuf;
 	db_vals[3].val.str_val.len = len;