Bug#609075: Incorrect use of memset count/value and no null termination

To: submit@bugs.debian.org
Subject: Bug#609075: Incorrect use of memset count/value and no null termination
From: Silvio Cesare <silvio.cesare@gmail.com>
Date: Thu, 6 Jan 2011 12:51:36 +1100
Message-id: <[🔎] AANLkTi=J2KZ2i-mzJMFAvEw0VKwymdLEJBMtWGfgQVFA@mail.gmail.com>
Reply-to: Silvio Cesare <silvio.cesare@gmail.com>, 609075@bugs.debian.org

Package: sdr

Version: 3.0-7
Severity: minor

In ./sdr_3.0/src/sap_crypt.c

memset(keylist->keyname, MAXKEYLEN, 0);
memset(keylist->key, MAXKEYLEN, 0);
strncpy(keylist->keyname, keyname, MAXKEYLEN);
strncpy(keylist->key, key, MAXKEYLEN);

It should be memset(keylist->keyname, 0, MAXKEYLEN) etc. Also strncpy does not gaurantee null termination. Maybe strncpy MAXKEYLEN - 1 once the memset is fixed, or solve equivalently.

Reply to:

Prev by Date: Processed: Re: Bug#521860: lack of upstream response
Next by Date: Bug#609078: Incorrect use of memset count/value
Previous by thread: Processed: Re: Bug#521860: lack of upstream response
Next by thread: Bug#609078: Incorrect use of memset count/value
Index(es):
- Date
- Thread