From 11b24eb35f4bb1e9825b3191d8f6e0fc9c0a3e28 Mon Sep 17 00:00:00 2001
From: Victor Seva
Date: Thu, 13 Jul 2023 00:26:58 +0200
Subject: [PATCH] ctl: use snprintf() to set boundaries
> https://github.com/kamailio/kamailio/security/code-scanning/1839
---
 src/modules/ctl/ctl.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/modules/ctl/ctl.c b/src/modules/ctl/ctl.c
index 87654c8534c..5e289cfa8d9 100644
--- a/src/modules/ctl/ctl.c
+++ b/src/modules/ctl/ctl.c
@@ -212,6 +212,7 @@ static int mod_init(void)
 {
 struct id_list *l;
 char ctl_socket_path[CTL_SOCKET_PATH_SIZE];
+ int len;
 binrpc_callbacks_init();
@@ -226,17 +227,14 @@ static int mod_init(void)
 if(strcmp(runtime_dir, RUN_DIR) == 0) {
 add_binrpc_socket(PARAM_STRING, DEFAULT_CTL_SOCKET);
 } else {
- if(sizeof(DEFAULT_CTL_SOCKET_PROTO)
- + sizeof(DEFAULT_CTL_SOCKET_NAME)
- + strlen(runtime_dir) + 4
- > CTL_SOCKET_PATH_SIZE) {
+ len = sizeof(DEFAULT_CTL_SOCKET_PROTO)
+ + sizeof(DEFAULT_CTL_SOCKET_NAME) + strlen(runtime_dir) + 4;
+ if(len > CTL_SOCKET_PATH_SIZE) {
 LM_ERR("ctl socket path is too big\n");
 return -1;
 }
- strcpy(ctl_socket_path, DEFAULT_CTL_SOCKET_PROTO);
- strcat(ctl_socket_path, runtime_dir);
- strcat(ctl_socket_path, "/");
- strcat(ctl_socket_path, DEFAULT_CTL_SOCKET_NAME);
+ snprintf(ctl_socket_path, len, "%s%s/%s", DEFAULT_CTL_SOCKET_PROTO,
+ runtime_dir, DEFAULT_CTL_SOCKET_NAME);
 add_binrpc_socket(PARAM_STRING, ctl_socket_path);
 }
 }
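Review bot: The bound passed to `snprintf()` in the second hunk is the computed `len`, not the size of `ctl_socket_path`, so the write is only as safe as the length arithmetic above it. Because `len` is declared `int` in the first hunk while the sum of `sizeof` and `strlen(runtime_dir)` is a `size_t`, the old unsigned comparison has become a narrowing assignment followed by what is presumably a signed comparison (the definition of `CTL_SOCKET_PATH_SIZE` is not visible here). Bounding by the buffer itself and checking the result removes the hand-computed length entirely: `len = snprintf(ctl_socket_path, sizeof(ctl_socket_path), "%s%s/%s", DEFAULT_CTL_SOCKET_PROTO, runtime_dir, DEFAULT_CTL_SOCKET_NAME);` followed by `if(len < 0 || (size_t)len >= sizeof(ctl_socket_path)) {` in front of the existing `LM_ERR`/`return -1`. That form also reports truncation or an output error, which the current call ignores. `mod_init()` continues outside both hunks, so how `runtime_dir` is set and validated cannot be confirmed from here.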