NSH telnet: Use strncpy vs strcpy to avoid overrunning username and password buffers. From Bertold Van den Bergh

author: Gregory Nutt <gnutt@nuttx.org> 2014-02-22 10:31:20 -0600
committer: Gregory Nutt <gnutt@nuttx.org> 2014-02-22 10:31:20 -0600
commit: f94ed85a9d85ceb0144c6053cb2230cc758983bf (patch)
tree: 5693949a958a976be18f3bcc4fa0746aba31432a /apps/nshlib
parent: f7529b9f9e4c9e9ab647fde82c7adc0e765d15c8 (diff)
download: nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.gz
nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.bz2
nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/nshlib/nsh_telnetd.c b/apps/nshlib/nsh_telnetd.c
index 76ed81086..b3e67b87c 100644
--- a/apps/nshlib/nsh_telnetd.c
+++ b/apps/nshlib/nsh_telnetd.c
@@ -131,7 +131,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate)
       fflush(pstate->cn_outstream);
       if (fgets(pstate->cn_line, CONFIG_NSH_LINELEN, INSTREAM(pstate)) != NULL)
         {
-          strcpy(username, pstate->cn_line);
+          strncpy(username, pstate->cn_line, sizeof(username));
           username[strlen(pstate->cn_line) - 1] = 0;
         }
 
@@ -144,7 +144,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate)
         {
           /* Verify the username and password */
 
-          strcpy(password,pstate->cn_line);
+          strncpy(password, pstate->cn_line, sizeof(password));
           password[strlen(pstate->cn_line) - 1] = 0;
 
           if (strcmp(password, CONFIG_NSH_TELNET_PASSWORD) == 0 &&
author	Gregory Nutt <gnutt@nuttx.org>	2014-02-22 10:31:20 -0600
committer	Gregory Nutt <gnutt@nuttx.org>	2014-02-22 10:31:20 -0600
commit	f94ed85a9d85ceb0144c6053cb2230cc758983bf (patch)
tree	5693949a958a976be18f3bcc4fa0746aba31432a /apps/nshlib
parent	f7529b9f9e4c9e9ab647fde82c7adc0e765d15c8 (diff)
download	nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.gz nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.bz2 nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.zip