Bug#609075: Incorrect use of memset count/value and no null termination

Silvio Cesare Wed, 05 Jan 2011 17:54:20 -0800

Package: sdr
Version: 3.0-7
Severity: minor

In ./sdr_3.0/src/sap_crypt.c


  memset(keylist->keyname, MAXKEYLEN, 0);
  memset(keylist->key, MAXKEYLEN, 0);
  strncpy(keylist->keyname, keyname, MAXKEYLEN);
  strncpy(keylist->key, key, MAXKEYLEN);

It should be memset(keylist->keyname, 0, MAXKEYLEN) etc. Also strncpy does
not gaurantee null termination. Maybe strncpy MAXKEYLEN - 1 once the memset
is fixed, or solve equivalently.

Bug#609075: Incorrect use of memset count/value and no null termination

Reply via email to