From 30fdf1d9c288be1bbed94654b499a5b42854ef5b Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 19 Sep 2013 23:48:44 +0200 Subject: [PATCH] Fix unbounded source buffer source could be larger than destination Problem reported by Coverity CID 1090342 (#1 of 1): Unbounded source buffer (STRING_SIZE) 10. string_size: Passing string "envvar" of unknown size to "strcpy(char * restrict, char const * restrict)", which expects a string of a particular size. --- libnfc/nfc-internal.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libnfc/nfc-internal.c b/libnfc/nfc-internal.c index ad9ece5..031483e 100644 --- a/libnfc/nfc-internal.c +++ b/libnfc/nfc-internal.c @@ -100,7 +100,8 @@ nfc_context_new(void) char *envvar = getenv("LIBNFC_DEFAULT_DEVICE"); if (envvar) { strcpy(res->user_defined_devices[0].name, "user defined default device"); - strcpy(res->user_defined_devices[0].connstring, envvar); + strncpy(res->user_defined_devices[0].connstring, envvar, NFC_BUFSIZE_CONNSTRING); + res->user_defined_devices[0].connstring[NFC_BUFSIZE_CONNSTRING - 1] = '\0'; res->user_defined_device_count++; }