Replace strcpy with strncpy in get_hoststr

Replace strcpy with strncpy to avoid buffer overflow.
2012-03-08 17:23:46 +01:00 · 2012-03-08 17:23:46 +01:00 · 666bc7392b
commit 666bc7392b
parent eb16f52b1a
2 changed files with 8 additions and 1 deletions
--- a/6
+++ b/6
@ -2,6 +2,12 @@
 Version 1.8.0
 *******************************************************************************

+2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
+
+	Replace strcpy with strncpy in get_hoststr
+
+	Replace strcpy with strncpy to avoid buffer overflow.
+
 2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

 	Memory leak fix in handle_query_variable
--- a/upnp/src/genlib/net/http/httpreadwrite.c
+++ b/upnp/src/genlib/net/http/httpreadwrite.c
@ -169,7 +169,8 @@ static int get_hoststr(const char* url_str,
 {
 	char *urlPath = alloca(strlen(url_str) + 1);
 	char *temp;
-	strcpy(urlPath, url_str);
+	memset(urlPath, 0, strlen(url_str) + 1);
+	strncpy(urlPath, url_str, strlen(url_str));
 	*hoststr = strstr(urlPath, "//");
 	if (*hoststr == NULL)
 		return UPNP_E_INVALID_URL;