diff --git a/coreapi/bellesip_sal/sal_sdp.c b/coreapi/bellesip_sal/sal_sdp.c
index 9cd5a5ed8111016f0d4065c66b745ebe01627edc..d00f4d806d0b6a0b3c6551289fd8a548160892a9 100644
--- a/coreapi/bellesip_sal/sal_sdp.c
+++ b/coreapi/bellesip_sal/sal_sdp.c
@@ -486,7 +486,7 @@ static void sdp_parse_payload_types(belle_sdp_media_description_t *media_desc, S
static void sdp_parse_media_crypto_parameters(belle_sdp_media_description_t *media_desc, SalStreamDescription *stream) {
belle_sip_list_t *attribute_it;
belle_sdp_attribute_t *attribute;
- char tmp[257], tmp2[257], parameters[257]={0};
+ char tmp[257]={0}, tmp2[128]={0}, parameters[257]={0};
int valid_count = 0;
int nb;
@@ -497,7 +497,7 @@ static void sdp_parse_media_crypto_parameters(belle_sdp_media_description_t *med
attribute=BELLE_SDP_ATTRIBUTE ( attribute_it->data );
if ( keywordcmp ( "crypto",belle_sdp_attribute_get_name ( attribute ) ) ==0 && belle_sdp_attribute_get_value ( attribute ) !=NULL ) {
- nb = sscanf ( belle_sdp_attribute_get_value ( attribute ), "%d %256s inline:%256s %256s",
+ nb = sscanf ( belle_sdp_attribute_get_value ( attribute ), "%d %256s inline:%128s %256s",
&stream->crypto[valid_count].tag,
tmp,
tmp2, parameters );
@@ -514,7 +514,8 @@ static void sdp_parse_media_crypto_parameters(belle_sdp_media_description_t *med
stream->crypto[valid_count].algo = MS_CRYPTO_SUITE_INVALID;
}else{
char *sep;
- strncpy ( stream->crypto[valid_count].master_key, tmp2, sizeof(stream->crypto[valid_count].master_key)-1 );
+ strncpy ( stream->crypto[valid_count].master_key, tmp2, sizeof(stream->crypto[valid_count].master_key));
+ stream->crypto[valid_count].master_key[sizeof(stream->crypto[valid_count].master_key) - 1] = '\0';
sep=strchr(stream->crypto[valid_count].master_key,'|');
if (sep) *sep='\0';
stream->crypto[valid_count].algo = cs;
@@ -566,7 +567,7 @@ static void sdp_parse_media_ice_parameters(belle_sdp_media_description_t *media_
while (3 == sscanf(ptr, "%u %s %u%n", &componentID, candidate.addr, &candidate.port, &offset)) {
if ((componentID > 0) && (componentID <= SAL_MEDIA_DESCRIPTION_MAX_ICE_REMOTE_CANDIDATES)) {
SalIceRemoteCandidate *remote_candidate = &stream->ice_remote_candidates[componentID - 1];
- strncpy(remote_candidate->addr, candidate.addr, sizeof(remote_candidate->addr)-1);
+ strncpy(remote_candidate->addr, candidate.addr, sizeof(remote_candidate->addr));
remote_candidate->port = candidate.port;
}
ptr += offset;
@@ -814,15 +815,17 @@ static SalStreamDescription * sdp_to_stream_description(SalMediaDescription *md,
snprintf(stream->rtcp_addr, sizeof(stream->rtcp_addr), "%s", stream->rtp_addr);
attribute=belle_sdp_media_description_get_attribute(media_desc,"rtcp");
if (attribute && (value=belle_sdp_attribute_get_value(attribute))!=NULL){
- char tmp[256];
+ char *tmp = (char *)ms_malloc0(strlen(value));
int nb = sscanf(value, "%d IN IP4 %s", &stream->rtcp_port, tmp);
if (nb == 1) {
/* SDP rtcp attribute only contains the port */
} else if (nb == 2) {
- strncpy(stream->rtcp_addr, tmp, sizeof(stream->rtcp_addr)-1);
+ strncpy(stream->rtcp_addr, tmp, sizeof(stream->rtcp_addr));
+ stream->rtcp_addr[sizeof(stream->rtcp_addr) - 1] = '\0';
} else {
ms_warning("sdp has a strange a=rtcp line (%s) nb=%i", value, nb);
}
+ ms_free(tmp);
}
/* Read DTLS specific attributes : check is some are found in the stream description otherwise copy the session description one(which are at least set to Invalid) */
diff --git a/coreapi/call_log.c b/coreapi/call_log.c
index a4f52c67f956d0018568380d9e28548bbf745056..c6c4270e14878ba1816fc3ade28907b4b0835ab5 100644
--- a/coreapi/call_log.c
+++ b/coreapi/call_log.c
@@ -149,6 +149,7 @@ bctbx_list_t * linphone_core_read_call_logs_from_config_file(LinphoneCore *lc){
tmp=lp_config_get_string(cfg,logsection,"start_date",NULL);
if (tmp) {
strncpy(cl->start_date,tmp,sizeof(cl->start_date));
+ cl->start_date[sizeof(cl->start_date) - 1] = '\0';
cl->start_date_time=string_to_time(cl->start_date);
}
}
diff --git a/coreapi/presence.c b/coreapi/presence.c
index bb4ffa0879681c490a6752e3324e8ae36de7aa63..436388ce39a7e1bb06e17558969520b9c4779754 100644
--- a/coreapi/presence.c
+++ b/coreapi/presence.c
@@ -202,7 +202,6 @@ static time_t parse_timestamp(const char *timestamp) {
}
char * linphone_timestamp_to_rfc3339_string(time_t timestamp) {
- char timestamp_str[22];
struct tm *ret;
#ifndef _WIN32
struct tm gmt;
@@ -210,9 +209,12 @@ char * linphone_timestamp_to_rfc3339_string(time_t timestamp) {
#else
ret = gmtime(×tamp);
#endif
- snprintf(timestamp_str, sizeof(timestamp_str), "%4d-%02d-%02dT%02d:%02d:%02dZ",
+ int n = snprintf(0, 0, "%4d-%02d-%02dT%02d:%02d:%02dZ",
ret->tm_year + 1900, ret->tm_mon + 1, ret->tm_mday, ret->tm_hour, ret->tm_min, ret->tm_sec);
- return ms_strdup(timestamp_str);
+ char *timestamp_str = (char *) ms_malloc(n + 1);
+ snprintf(timestamp_str, n + 1, "%4d-%02d-%02dT%02d:%02d:%02dZ",
+ ret->tm_year + 1900, ret->tm_mon + 1, ret->tm_mday, ret->tm_hour, ret->tm_min, ret->tm_sec);
+ return timestamp_str;
}
static LinphonePresencePerson * presence_person_new(const char *id, time_t timestamp) {
diff --git a/coreapi/sipsetup.c b/coreapi/sipsetup.c
index fbbbd5c594697a3edc7f3c4691c2a873da2d1ee7..31f96ed8079d5d02e65eca22daf20c7520a8beca 100644
--- a/coreapi/sipsetup.c
+++ b/coreapi/sipsetup.c
@@ -149,7 +149,9 @@ LinphoneStatus sip_setup_context_login_account(SipSetupContext * ctx, const char
return -1;
}
strncpy(ctx->domain,linphone_address_get_domain(from),sizeof(ctx->domain));
+ ctx->domain[sizeof(ctx->domain) - 1] = '\0';
strncpy(ctx->username,linphone_address_get_username(from),sizeof(ctx->username));
+ ctx->username[sizeof(ctx->username) - 1] = '\0';
linphone_address_unref(from);
if (ctx->funcs->login_account)
return ctx->funcs->login_account(ctx,uri,passwd,userid);
diff --git a/src/conference/session/media-session.cpp b/src/conference/session/media-session.cpp
index 32042b40b5329fbdd747a8f23897fabe77c9965d..4ab58e3950c29f38d05e98ee8511613ef868dff7 100644
--- a/src/conference/session/media-session.cpp
+++ b/src/conference/session/media-session.cpp
@@ -1357,8 +1357,10 @@ void MediaSessionPrivate::makeLocalMediaDescription () {
getParams()->getPrivate()->adaptToNetwork(q->getCore()->getCCore(), pingTime);
string subject = q->getParams()->getSessionName();
- if (!subject.empty())
+ if (!subject.empty()) {
strncpy(md->name, subject.c_str(), sizeof(md->name));
+ md->name[sizeof(md->name) - 1] = '\0';
+ }
md->session_id = (oldMd ? oldMd->session_id : (rand() & 0xfff));
md->session_ver = (oldMd ? (oldMd->session_ver + 1) : (rand() & 0xfff));
md->nb_streams = (biggestDesc ? biggestDesc->nb_streams : 1);
@@ -1370,14 +1372,18 @@ void MediaSessionPrivate::makeLocalMediaDescription () {
}
strncpy(md->addr, mediaLocalIp.c_str(), sizeof(md->addr));
+ md->addr[sizeof(md->addr) - 1] = '\0';
+
LinphoneAddress *addr = nullptr;
if (destProxy) {
addr = linphone_address_clone(linphone_proxy_config_get_identity_address(destProxy));
} else {
addr = linphone_address_new(linphone_core_get_identity(q->getCore()->getCCore()));
}
- if (linphone_address_get_username(addr)) /* Might be null in case of identity without userinfo */
+ if (linphone_address_get_username(addr)) {/* Might be null in case of identity without userinfo */
strncpy(md->username, linphone_address_get_username(addr), sizeof(md->username));
+ md->username[sizeof(md->username) - 1] = '\0';
+ }
linphone_address_unref(addr);
int bandwidth = getParams()->getPrivate()->getDownBandwidth();
diff --git a/src/db/session/db-session.cpp b/src/db/session/db-session.cpp
index bf3ff5b72b82de057c83b275990ce1d83b02416d..990b9eef30a66e1c6d242d7ddf9b94ab7d144f93 100644
--- a/src/db/session/db-session.cpp
+++ b/src/db/session/db-session.cpp
@@ -134,10 +134,16 @@ string DbSession::currentTimestamp () const {
// Ugly hack but Sqlite3 does not allow table alteration where we add a date column using a default value
// of CURRENT_TIMESTAMP.
const tm &now = Utils::getTimeTAsTm(std::time(nullptr));
- char buffer[22];
+ int n = snprintf(
+ 0,
+ 0,
+ "'%d-%02d-%02d %02d:%02d:%02d'",
+ now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, now.tm_hour, now.tm_min, now.tm_sec
+ );
+ char buffer[n + 1];
snprintf(
buffer,
- sizeof buffer,
+ n+1,
"'%d-%02d-%02d %02d:%02d:%02d'",
now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, now.tm_hour, now.tm_min, now.tm_sec
);
diff --git a/src/nat/ice-agent.cpp b/src/nat/ice-agent.cpp
index b296f066a574f36dc1f25072ccfc28dfc98991d9..dd92dfdd6595cdfe2b9fb0fd4fdfe7274de25ebb 100644
--- a/src/nat/ice-agent.cpp
+++ b/src/nat/ice-agent.cpp
@@ -327,7 +327,10 @@ void IceAgent::updateLocalMediaDescriptionFromIce (SalMediaDescription *desc) {
}
strncpy(desc->ice_pwd, ice_session_local_pwd(iceSession), sizeof(desc->ice_pwd));
+ desc->ice_pwd[sizeof(desc->ice_pwd) - 1] = '\0';
strncpy(desc->ice_ufrag, ice_session_local_ufrag(iceSession), sizeof(desc->ice_ufrag));
+ desc->ice_ufrag[sizeof(desc->ice_ufrag) - 1] = '\0';
+
for (int i = 0; i < desc->nb_streams; i++) {
SalStreamDescription *stream = &desc->streams[i];
IceCheckList *cl = ice_session_check_list(iceSession, i);
diff --git a/src/nat/stun-client.cpp b/src/nat/stun-client.cpp
index 590abfd1db4d18e26ebb4721a1af2cef2e7952c3..a7ddc671cfc8444c81c88cabe673d3b6967c996f 100644
--- a/src/nat/stun-client.cpp
+++ b/src/nat/stun-client.cpp
@@ -159,8 +159,10 @@ void StunClient::updateMediaDescription (SalMediaDescription *md) const {
audioCandidate.address == videoCandidate.address
) ||
sal_media_description_get_nb_active_streams(md) == 1
- )
+ ) {
strncpy(md->addr, audioCandidate.address.c_str(), sizeof(md->addr));
+ md->addr[sizeof(md->addr) - 1] = '\0';
+ }
} else if (md->streams[i].type == SalVideo && videoCandidate.port != 0) {
strncpy(md->streams[i].rtp_addr, videoCandidate.address.c_str(), sizeof(md->streams[i].rtp_addr));
md->streams[i].rtp_port = videoCandidate.port;
diff --git a/tester/quality_reporting_tester.c b/tester/quality_reporting_tester.c
index ef00ace9d3bcea15020dff39f898c95ccb1b40f2..6d7c4ce06d31afe8913666322507c15cea96898e 100644
--- a/tester/quality_reporting_tester.c
+++ b/tester/quality_reporting_tester.c
@@ -211,7 +211,7 @@ static void on_report_send_remove_fields (const LinphoneCall *call, SalStreamTyp
/* Corrupt start of the report */
const char *corrupted_str = "corrupted report is corrupted";
size_t corrupted_len = strlen(corrupted_str);
- strncpy(body, corrupted_str, corrupted_len);
+ strncpy(body, corrupted_str, corrupted_len + 1);
linphone_content_set_string_buffer((LinphoneContent *)content, body);
bctbx_free(body);
}
diff --git a/tester/tester.c b/tester/tester.c
index 86a4d71c9c468c45e6791611663daba0db1a82bc..abe75328559f68a317138bbd2b5303d031025e26 100644
--- a/tester/tester.c
+++ b/tester/tester.c
@@ -958,6 +958,7 @@ static void linphone_conference_server_refer_received(LinphoneCore *core, const
if(refer_to_addr == NULL) return;
strncpy(method, linphone_address_get_method_param(refer_to_addr), sizeof(method));
+ method[sizeof(method) - 1] = '\0';
if(strcmp(method, "BYE") == 0) {
linphone_address_clean(refer_to_addr);
uri = linphone_address_as_string_uri_only(refer_to_addr);
diff --git a/tools/test_ecc.c b/tools/test_ecc.c
index c2259d30c09c7d496a0864b243a6dc821f2dadc6..e8e8d8c0737aef5709a3fcdcd88a703beeffa08b 100644
--- a/tools/test_ecc.c
+++ b/tools/test_ecc.c
@@ -42,6 +42,7 @@ void parse_args(int argc, char *argv[]) {
exit(-1);
}
strncpy(config_file, argv[2], 1024);
+ config_file[sizeof(config_file) - 1] = '\0';
}
int main(int argc, char *argv[]) {