Fix: ini parser: truncation of value name

[lttng-tools.git] / src / common / config / ini.c

diff --git a/src/common/config/ini.c b/src/common/config/ini.c
index 18ed705be9c0d74e9ce2a533bb9ca507456186f4..c8cf307aa82c1853f47abdc8eaca5e0bb8771608 100644 (file)
--- a/src/common/config/ini.c
+++ b/src/common/config/ini.c
@@ -3,7 +3,9 @@
  *
  * The "inih" library is distributed under the New BSD license:
  *
- * Copyright (c) 2009, Brush Technology - All rights reserved.
+ * Copyright (C) 2009 Brush Technology - All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -31,7 +33,6 @@
  * http://code.google.com/p/inih/
  */
 
-#define _GNU_SOURCE
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
@@ -83,7 +84,7 @@ static char* find_char_or_comment(const char* s, char c)
 /* Version of strncpy that ensures dest (size bytes) is null-terminated. */
 static char* strncpy0(char* dest, const char* src, size_t size)
 {
-       strncpy(dest, src, size);
+       strncpy(dest, src, size - 1);
        dest[size - 1] = '\0';
        return dest;
 }
@@ -181,6 +182,10 @@ int ini_parse_file(FILE* file, ini_entry_handler handler, void* user)
                                 * Valid name[=:]value pair found, call
                                 * handler
                                 */
+                               if (strlen(name) >= sizeof(prev_name)) {
+                                       /* Truncation occurs, report an error. */
+                                       error = lineno;
+                               }
                                strncpy0(prev_name, name, sizeof(prev_name));
                                if (handler(user, section, name, value) < 0 &&
                                        !error) {