RPJosh
/
neatvnc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

server: Use memcpy instead of strncpy for username/password 

This fixed zero-termination error
pull/96/head
Andri Yngvason 2023-10-02 21:56:59 +00:00
parent f54aeed334
commit 913c314b31
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/server.c
View File

@ -755,11 +755,10 @@ static int on_rsa_aes_credentials(struct nvnc_client* client)
char username[256];
char password[256];
strncpy(username, (const char*)(msg + 1), username_len + 1);
username[sizeof(username) - 1] = '\0';
strncpy(password, (const char*)(msg + 2 + username_len),
password_len + 1);
password[sizeof(password) - 1] = '\0';
memcpy(username, (const char*)(msg + 1), username_len);
username[username_len] = '\0';
memcpy(password, (const char*)(msg + 2 + username_len), password_len);
password[password_len] = '\0';
if (server->auth_fn(username, password, server->auth_ud)) {
nvnc_log(NVNC_LOG_INFO, "User \"%s\" authenticated", username);