diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2016-03-08 11:16:31 +0100 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2016-03-08 12:09:23 +0100 |
| commit | d99ac2db56ff76a24f488e8a2be73cf24a316219 (patch) | |
| tree | 482861d372f538b3ab6647e47dcfaec8453e396e /src | |
| parent | 5853bf5ab58b6a5f3d43b2b9db6ac88e0637490a (diff) | |
wep: fix a couple of potential buffer overflows
Coverity thinks we're no good at string manipulation.
Can't argue with that.
(Not a security issue; the user could overflow the buffer by typing a
too long WEP key, but no privilege boundary is crossed.)
CID 59920 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
2. fixed_size_dest: You might overrun the 65 byte fixed-size string
sec->keys[sec->cur_index] by copying key without checking the length.
CID 59919 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 65 byte fixed-size string
sec->keys[sec->cur_index] by copying key without checking the length.
CID 59918 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
4. fixed_size_dest: You might overrun the 65 byte fixed-size string
sec->keys[i] by copying tmp without checking the length.
Diffstat (limited to 'src')
| -rw-r--r-- | src/wireless-security/ws-wep-key.c | 6 | ||||
| -rw-r--r-- | src/wireless-security/ws-wep-key.ui | 1 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/wireless-security/ws-wep-key.c b/src/wireless-security/ws-wep-key.c index a95695bb..3628d67f 100644 --- a/src/wireless-security/ws-wep-key.c +++ b/src/wireless-security/ws-wep-key.c @@ -64,7 +64,7 @@ key_index_combo_changed_cb (GtkWidget *combo, WirelessSecurity *parent) entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); key = gtk_entry_get_text (GTK_ENTRY (entry)); if (key) - strcpy (sec->keys[sec->cur_index], key); + g_strlcpy (sec->keys[sec->cur_index], key, sizeof (sec->keys[sec->cur_index])); else memset (sec->keys[sec->cur_index], 0, sizeof (sec->keys[sec->cur_index])); @@ -170,7 +170,7 @@ fill_connection (WirelessSecurity *parent, NMConnection *connection) widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); passwd_entry = widget; key = gtk_entry_get_text (GTK_ENTRY (widget)); - strcpy (sec->keys[sec->cur_index], key); + g_strlcpy (sec->keys[sec->cur_index], key, sizeof (sec->keys[sec->cur_index])); /* Blow away the old security setting by adding a clear one */ s_wsec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); @@ -228,7 +228,7 @@ update_secrets (WirelessSecurity *parent, NMConnection *connection) for (i = 0; s_wsec && i < 4; i++) { tmp = nm_setting_wireless_security_get_wep_key (s_wsec, i); if (tmp) - strcpy (sec->keys[i], tmp); + g_strlcpy (sec->keys[i], tmp, sizeof (sec->keys[i])); } widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "wep_key_entry")); diff --git a/src/wireless-security/ws-wep-key.ui b/src/wireless-security/ws-wep-key.ui index 2726290a..62b11a54 100644 --- a/src/wireless-security/ws-wep-key.ui +++ b/src/wireless-security/ws-wep-key.ui @@ -66,6 +66,7 @@ <object class="GtkEntry" id="wep_key_entry"> <property name="visible">True</property> <property name="can_focus">True</property> + <property name="max_length">64</property> <property name="visibility">False</property> <property name="activates_default">True</property> </object> |