ericpassmore
commented
1 year ago from strcat(arg->data, "@");
to strlcat(arg->data, "@", 1);
Closed ericpassmore closed 1 year ago
ericpassmore
commented
1 year ago from strcat(arg->data, "@");
to strlcat(arg->data, "@", 1);
ericpassmore
commented
1 year ago actionArgument_t.data is char[128].
greg7mdp
commented
1 year ago see https://linux.die.net/man/3/strlcpy, last argument should be the full size of the buffer, so sizeof(arg->data) in this case.
src/eos_parse.c:210:5: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [security.insecureAPI.strcpy] strcat(arg->data, "@"); ^
~