From 09490aeb93af987d8ab9072668a2b2acd1234769 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Sat, 23 Apr 2016 07:40:34 +0800 Subject: [PATCH] coverity 160167 resource_path set at cmake may overflow buffer resource_path is configured at cmake time (it's like /usr/share/libwebsockets-test-server) it's true if you gave a >255 char path there it would blow up. It's fixed but again not network-accessible. Signed-off-by: Andy Green --- lwsws/http.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lwsws/http.c b/lwsws/http.c index 7f086339..000b90ca 100644 --- a/lwsws/http.c +++ b/lwsws/http.c @@ -152,7 +152,8 @@ int callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI)) return 0; - strcpy(buf, resource_path); + strncpy(buf, resource_path, sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; if (strcmp(in, "/")) { if (*((const char *)in) != '/') strcat(buf, "/");