Subject: [PATCH 5/5] Prevent tmpbuf from overrunning

[PATCH 5/5] Prevent tmpbuf from overrunning

From: Gregor Jasny <gjasny_at_googlemail.com>
Date: Fri, 19 Sep 2014 20:51:06 +0200

Fix Coverity error CID 56886.

Signed-off-by: Gregor Jasny <gjasny_at_googlemail.com>

---
 ares_getnameinfo.c | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/ares_getnameinfo.c b/ares_getnameinfo.c
index 5b9f638..39337e7 100644
--- a/ares_getnameinfo.c
+++ b/ares_getnameinfo.c
@@ -323,17 +323,27 @@ static char *lookup_service(unsigned short port, int flags,
 #endif
         }
       if (sep && sep->s_name)
-        /* get service name */
-        strcpy(tmpbuf, sep->s_name);
-      else
-        /* get port as a string */
-        sprintf(tmpbuf, "%u", (unsigned int)ntohs(port));
-      if (strlen(tmpbuf) < buflen)
-        /* return it if buffer big enough */
-        strcpy(buf, tmpbuf);
+        {
+          /* get service name */
+          size_t name_len = strlen(sep->s_name);
+          if (name_len < buflen)
+            /* return it if buffer big enough */
+            memcpy(buf, sep->s_name, name_len + 1);
+          else
+            /* avoid reusing previous one */
+            buf[0] = '\0';
+        }
       else
-        /* avoid reusing previous one */
-        buf[0] = '\0';
+        {
+          /* get port as a string */
+          sprintf(tmpbuf, "%u", (unsigned int)ntohs(port));
+          if (strlen(tmpbuf) < buflen)
+            /* return it if buffer big enough */
+            strcpy(buf, tmpbuf);
+          else
+            /* avoid reusing previous one */
+            buf[0] = '\0';
+        }
       return buf;
     }
   buf[0] = '\0';
-- 
1.8.5.2 (Apple Git-48)
Received on 2014-09-19