Skip to content

Update exim_lock.c Enhance Security with strncpy#96

Open
Shivam7-1 wants to merge 1 commit intoExim:masterfrom
Shivam7-1:patch-1
Open

Update exim_lock.c Enhance Security with strncpy#96
Shivam7-1 wants to merge 1 commit intoExim:masterfrom
Shivam7-1:patch-1

Conversation

@Shivam7-1
Copy link

@Shivam7-1 Shivam7-1 commented Dec 20, 2024

In this PR replaces instances of strcpy() with strncpy() to mitigate the risk of buffer overflows. strncpy() ensures safer handling of strings by limiting the number of copied characters and adding null-termination, enhancing the overall security and stability of the code.

@Cyborgscode
Copy link
Collaborator

Cyborgscode commented Dec 20, 2024

A quick check with the man page of strncpy ... it has 3 arguments :

char *strncpy(char dst[restrict .dsize], const char *restrict src, size_t dsize);

I'm wondering what the none-optional third one does ...

@Cyborgscode
Copy link
Collaborator

Cyborgscode commented Dec 20, 2024

Just for education:

strncpy(), even if used correctly, which you didn't, would not enhance security, because the buffersize check is right infront of that strcpy() call :

  if ((int)strlen(pw->pw_dir) + (int)strlen(filename) + 1 > sizeof(buffer))
    {
    printf("exim_lock: expanded file name %s%s is too long", pw->pw_dir,
      filename);
    exit(EXIT_FAILURE);
    }

  strcpy(buffer, pw->pw_dir);
  strcat(buffer, filename);
  filename = buffer;
  }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Shivam7-1 @Cyborgscode