mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

channels/rdpdr: Prevent buffer overflow found by covscan

Browse Source 
buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array "irp->PathName" of size 256 bytes might leave the destination string unterminated.
buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array "irp->ExtraBuffer" of size 256 bytes might leave the destination string unterminated.
This commit is contained in:
Ondrej Holy 2018-08-17 13:43:18 +02:00
parent 472576e6e0
commit 1001807c5f
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
channels/rdpdr/server/rdpdr_main.c
View File

@ -1740,7 +1740,7 @@ static UINT rdpdr_server_drive_create_directory(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_create_directory_callback1;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, path, sizeof(irp->PathName));
strncpy(irp->PathName, path, sizeof(irp->PathName) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
if (!rdpdr_server_enqueue_irp(context, irp))
@ -1851,7 +1851,7 @@ static UINT rdpdr_server_drive_delete_directory(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_delete_directory_callback1;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, path, sizeof(irp->PathName));
strncpy(irp->PathName, path, sizeof(irp->PathName) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
if (!rdpdr_server_enqueue_irp(context, irp))
@ -2019,7 +2019,7 @@ static UINT rdpdr_server_drive_query_directory(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_query_directory_callback1;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, path, sizeof(irp->PathName));
strncpy(irp->PathName, path, sizeof(irp->PathName) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
if (!rdpdr_server_enqueue_irp(context, irp))
@ -2093,7 +2093,7 @@ static UINT rdpdr_server_drive_open_file(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_open_file_callback;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, path, sizeof(irp->PathName));
strncpy(irp->PathName, path, sizeof(irp->PathName) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
if (!rdpdr_server_enqueue_irp(context, irp))
@ -2420,7 +2420,7 @@ static UINT rdpdr_server_drive_delete_file(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_delete_file_callback1;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, path, sizeof(irp->PathName));
strncpy(irp->PathName, path, sizeof(irp->PathName) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
if (!rdpdr_server_enqueue_irp(context, irp))
@ -2570,8 +2570,8 @@ static UINT rdpdr_server_drive_rename_file(RdpdrServerContext* context,
irp->Callback = rdpdr_server_drive_rename_file_callback1;
irp->CallbackData = callbackData;
irp->DeviceId = deviceId;
strncpy(irp->PathName, oldPath, sizeof(irp->PathName));
strncpy(irp->ExtraBuffer, newPath, sizeof(irp->ExtraBuffer));
strncpy(irp->PathName, oldPath, sizeof(irp->PathName) - 1);
strncpy(irp->ExtraBuffer, newPath, sizeof(irp->ExtraBuffer) - 1);
rdpdr_server_convert_slashes(irp->PathName, sizeof(irp->PathName));
rdpdr_server_convert_slashes(irp->ExtraBuffer, sizeof(irp->ExtraBuffer));