From 20c9ac4df34e25f7085bb4e4ab5ea7223932f5c4 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Wed, 25 Apr 2012 17:42:53 +0200 Subject: [PATCH] avoid buffer strncpy-induced buffer overrun * dirmngr/crlcache.c (open_dir): Ensure that both this_update and next_update member strings are NUL-terminated. --- dirmngr/crlcache.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index edf3837af..768d4461d 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -587,8 +587,14 @@ open_dir (crl_cache_t *r_cache) case 2: entry->issuer_hash = p; break; case 3: entry->issuer = unpercent_string (p); break; case 4: entry->url = unpercent_string (p); break; - case 5: strncpy (entry->this_update, p, 15); break; - case 6: strncpy (entry->next_update, p, 15); break; + case 5: + strncpy (entry->this_update, p, 15); + entry->this_update[15] = 0; + break; + case 6: + strncpy (entry->next_update, p, 15); + entry->next_update[15] = 0; + break; case 7: entry->dbfile_hash = p; break; case 8: if (*p) entry->crl_number = p; break; case 9: