------------------------------------------------------------ revno: 11750 revision-id: squid3@treenet.co.nz-20130128043026-koi25gdvjxkma9zp parent: squid3@treenet.co.nz-20130128042817-1bkiwsq6vqo6ed70 author: Tomas Hozza committer: Amos Jeffries branch nick: 3.2 timestamp: Sun 2013-01-27 21:30:26 -0700 message: Make sure copied strings are properly terminated in snmplib and wccp2 ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20130128043026-koi25gdvjxkma9zp # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # testament_sha1: 29578884361d0f37584c24189036b34020918855 # timestamp: 2013-01-28 04:35:47 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # base_revision_id: squid3@treenet.co.nz-20130128042817-\ # 1bkiwsq6vqo6ed70 # # Begin patch === modified file 'snmplib/parse.c' --- snmplib/parse.c 2013-01-28 04:28:17 +0000 +++ snmplib/parse.c 2013-01-28 04:30:26 +0000 @@ -1014,6 +1014,7 @@ return NULL; } strncpy(name, token, 64); + name[63] = '\0'; type = get_token(fp, token); if (type == OBJTYPE) { if (root == NULL) { === modified file 'src/wccp2.cc' --- src/wccp2.cc 2012-11-30 13:34:49 +0000 +++ src/wccp2.cc 2013-01-28 04:30:26 +0000 @@ -592,6 +592,7 @@ /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */ memset(pwd, 0, sizeof(pwd)); strncpy(pwd, password, sizeof(pwd)); + pwd[sizeof(pwd) - 1] = '\0'; ws = (struct wccp2_security_md5_t *) ptr; assert(ntohs(ws->security_type) == WCCP2_SECURITY_INFO); @@ -660,6 +661,7 @@ /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */ memset(pwd, 0, sizeof(pwd)); strncpy(pwd, srv->wccp_password, sizeof(pwd)); + pwd[sizeof(pwd) - 1] = '\0'; /* Take a copy of the challenge: we need to NUL it before comparing */ memcpy(md5_challenge, ws->security_implementation, 16);