Fix possible bufferoverflows

strncat(dest,src,n)

The size of dest must  be  at least strlen(dest)+n+1.

Signed-off-by: Karsten Keil <kkeil@suse.de>

diff --git a/callerid.c b/callerid.c
index b9e59ab..a60c451 100644 (file)
--- a/callerid.c
+++ b/callerid.c
@@ -45,14 +45,14 @@ const char *numberrize_callerinfo(const char *string, int ntype, const char *nat
        {
                case INFO_NTYPE_INTERNATIONAL:
                strcpy(result, international);
-               strncat(result, string, sizeof(result));
+               strncat(result, string, sizeof(result)-strlen(result)-1);
                result[sizeof(result)-1] = '\0';
                return(result);
                break;
 
                case INFO_NTYPE_NATIONAL:
                strcpy(result, national);
-               strncat(result, string, sizeof(result));
+               strncat(result, string, sizeof(result)-strlen(result)-1);
                result[sizeof(result)-1] = '\0';
                return(result);
                break;

diff --git a/macro.h b/macro.h
index fb070ba..29b2794 100644 (file)
--- a/macro.h
+++ b/macro.h
@@ -22,7 +22,7 @@ static inline void scpy(char *dst, const char *src, unsigned int siz)
 
 /* safe strcat/strncat */
 
-#define SCAT(dst, src) scat(dst, src, sizeof(dst))
+#define SCAT(dst, src) scat(dst, src, sizeof(dst)-strlen(dst)-1)
 static inline void scat(char *dst, const char *src, unsigned int siz)
 {
        strncat(dst, src, siz);