sergiotarxz/nuttx-apps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

NSH telnet: Use strncpy vs strcpy to avoid overrunning username and password buffers. From Bertold Van den Bergh

Browse Source
This commit is contained in:
Gregory Nutt 2014-02-22 10:31:20 -06:00
parent 20f6470e83
commit f1628d5055
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.txt
View File

@ -842,4 +842,6 @@
(2014-2-20). (2014-2-20).
* nshlib/Kconfig: Use CONFIG_DEFAULT_SMALL in selecting default * nshlib/Kconfig: Use CONFIG_DEFAULT_SMALL in selecting default
settings (2014-2-20). settings (2014-2-20).
* nshlib/nsh_telnetd.c: Use strncpy vs strcpy to avoid overrun the
username and password buffers. From Bertold Van den Bergh (2014-2-22).

4
nshlib/nsh_telnetd.c
View File

@ -131,7 +131,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate)
fflush(pstate->cn_outstream); fflush(pstate->cn_outstream);
if (fgets(pstate->cn_line, CONFIG_NSH_LINELEN, INSTREAM(pstate)) != NULL) if (fgets(pstate->cn_line, CONFIG_NSH_LINELEN, INSTREAM(pstate)) != NULL)
{ {
strcpy(username, pstate->cn_line); strncpy(username, pstate->cn_line, sizeof(username));
username[strlen(pstate->cn_line) - 1] = 0; username[strlen(pstate->cn_line) - 1] = 0;
} }
@ -144,7 +144,7 @@ int nsh_telnetlogin(struct console_stdio_s *pstate)
{ {
/* Verify the username and password */ /* Verify the username and password */
strcpy(password,pstate->cn_line); strncpy(password, pstate->cn_line, sizeof(password));
password[strlen(pstate->cn_line) - 1] = 0; password[strlen(pstate->cn_line) - 1] = 0;
if (strcmp(password, CONFIG_NSH_TELNET_PASSWORD) == 0 && if (strcmp(password, CONFIG_NSH_TELNET_PASSWORD) == 0 &&