diff options
| author | Gregory Nutt <gnutt@nuttx.org> | 2014-02-22 10:31:20 -0600 |
|---|---|---|
| committer | Gregory Nutt <gnutt@nuttx.org> | 2014-02-22 10:31:20 -0600 |
| commit | f94ed85a9d85ceb0144c6053cb2230cc758983bf (patch) | |
| tree | 5693949a958a976be18f3bcc4fa0746aba31432a /apps | |
| parent | f7529b9f9e4c9e9ab647fde82c7adc0e765d15c8 (diff) | |
| download | nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.gz nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.tar.bz2 nuttx-f94ed85a9d85ceb0144c6053cb2230cc758983bf.zip | |
NSH telnet: Use strncpy vs strcpy to avoid overrunning username and password buffers. From Bertold Van den Bergh
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/ChangeLog.txt | 2 | ||||
| -rw-r--r-- | apps/nshlib/nsh_telnetd.c | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/apps/ChangeLog.txt b/apps/ChangeLog.txt index 36a7fbc5c..29bab006a 100644 --- a/apps/ChangeLog.txt +++ b/apps/ChangeLog.txt @@ -842,4 +842,6 @@ (2014-2-20). * nshlib/Kconfig: Use CONFIG_DEFAULT_SMALL in selecting default settings (2014-2-20). + * nshlib/nsh_telnetd.c: Use strncpy vs strcpy to avoid overrun the + username and password buffers. From Bertold Van den Bergh (2014-2-22). diff --git a/apps/nshlib/nsh_telnetd.c b/apps/nshlib/nsh_telnetd.c index 76ed81086..b3e67b87c 100644 --- a/apps/nshlib/nsh_telnetd.c +++ b/apps/nshlib/nsh_telnetd.c @@ -131,7 +131,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate) fflush(pstate->cn_outstream); if (fgets(pstate->cn_line, CONFIG_NSH_LINELEN, INSTREAM(pstate)) != NULL) { - strcpy(username, pstate->cn_line); + strncpy(username, pstate->cn_line, sizeof(username)); username[strlen(pstate->cn_line) - 1] = 0; } @@ -144,7 +144,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate) { /* Verify the username and password */ - strcpy(password,pstate->cn_line); + strncpy(password, pstate->cn_line, sizeof(password)); password[strlen(pstate->cn_line) - 1] = 0; if (strcmp(password, CONFIG_NSH_TELNET_PASSWORD) == 0 && |