| Message ID | 20180907180151.178872-10-steved@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | libtirpc: Closed a number of memory leaks | expand |
diff --git a/src/rpc_soc.c b/src/rpc_soc.c index 59e0882..a85cb17 100644 --- a/src/rpc_soc.c +++ b/src/rpc_soc.c @@ -673,7 +673,7 @@ svcunix_create(sock, sendsize, recvsize, path) memset(&sun, 0, sizeof sun); sun.sun_family = AF_LOCAL; - strncpy(sun.sun_path, path, sizeof(sun.sun_path)); + strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1)); addrlen = sizeof(struct sockaddr_un); sa = (struct sockaddr *)&sun;
Calling strncpy with a maximum size argument of 108 bytes on destination array "sun.sun_path" of size 108 bytes might leave the destination string unterminated. Signed-off-by: Steve Dickson <steved@redhat.com> --- src/rpc_soc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)