From 3862c478e2feec8c0175a14998dea070d2d80458 Mon Sep 17 00:00:00 2001 From: Ubuntu Developers Date: Sat, 14 May 2022 02:43:52 +0800 Subject: [PATCH] fix a potential buffer overflow in clientid.c:rc_map2id() This fixes the following compile-time warning when building with -D_FORTIFY_SOURCE=2: In file included from /usr/include/string.h:638:0, from ./includes.h:26, from clientid.c:12: In function 'strncat', inlined from 'rc_map2id' at clientid.c:113:9: /usr/include/i386-linux-gnu/bits/string3.h:150:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default] return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); ^ Origin: vendor, https://build.opensuse.org/source/network/ppp/ppp-2.4.4-strncatfix.patch?rev=7a0fdeff0b29437dd7f4581c95c7255a Forwarded: no Reviewed-by: Chris Boot Last-Update: 2014-01-12 Gbp-Pq: Name ppp-2.4.4-strncatfix.patch --- pppd/plugins/radius/clientid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c index d49579c..7de0211 100644 --- a/pppd/plugins/radius/clientid.c +++ b/pppd/plugins/radius/clientid.c @@ -110,7 +110,7 @@ UINT4 rc_map2id(char *name) if (*name != '/') strcpy(ttyname, "/dev/"); - strncat(ttyname, name, sizeof(ttyname)); + strncat(ttyname, name, sizeof(ttyname)-strlen(ttyname)-1); for(p = map2id_list; p; p = p->next) if (!strcmp(ttyname, p->name)) return p->id;