Don't call memcpy() with size > src
FORTIFY_SOURCE detected code of the form
char foo[10];
char bar[20];
memcpy(bar, foo, 20);
This code has a read buffer overflow: it reads more data
from foo than foo contains.
Change-Id: I7b85a2788763a839ce66a37ba84d597167c4a078
diff --git a/mDNSPosix/mDNSUNP.c b/mDNSPosix/mDNSUNP.c
index 7feff31..fb107b5 100755
--- a/mDNSPosix/mDNSUNP.c
+++ b/mDNSPosix/mDNSUNP.c
@@ -117,7 +117,7 @@
continue; /* already processed this interface */
myflags = IFI_ALIAS;
}
- memcpy(lastname, ifname, IFNAMSIZ);
+ strncpy(lastname, ifname, IFNAMSIZ);
ifi = (struct ifi_info*)calloc(1, sizeof(struct ifi_info));
if (ifi == NULL) {
goto gotError;
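Review bot: `lastname` can be left without a terminating NUL after the new `strncpy(lastname, ifname, IFNAMSIZ)`, because strncpy writes no terminator when `ifname` holds IFNAMSIZ or more characters before its NUL. The declarations of `lastname` and `ifname` are outside the hunk, so whether that length is reachable cannot be confirmed from here. If `lastname` is declared as `char lastname[IFNAMSIZ]`, adding `lastname[IFNAMSIZ - 1] = '\0';` after the copy, or replacing it with `snprintf(lastname, sizeof lastname, "%s", ifname);`, makes termination explicit and independent of the source length. The same applies to the copies into `ifi->ifi_name` (bounded by IFI_NAME) and `ifr.ifr_name` in the second hunk. The enclosing function starts and ends outside the hunk.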
@@ -164,13 +164,13 @@
/* Add interface name */
- memcpy(ifi->ifi_name, ifname, IFI_NAME);
+ strncpy(ifi->ifi_name, ifname, IFI_NAME);
/* Add interface index */
ifi->ifi_index = index;
/* Add interface flags*/
- memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
if (ioctl(sockfd, SIOCGIFFLAGS, &ifr) < 0) {
if (errno == EADDRNOTAVAIL) {
/*