From a520ea40a18d81267d128ec5b2fb87d541558c72 Mon Sep 17 00:00:00 2001 From: Jeesun Kim Date: Fri, 21 Apr 2017 10:08:27 +0900 Subject: fix security svace: strcpy Signed-off-by: Jeesun Kim Change-Id: I5cdf32284d126b2e8835f5b0dafdd888895e4730 --- email-core/email-core-mm-callbacks.c | 4 ++-- email-core/email-core-utils.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/email-core/email-core-mm-callbacks.c b/email-core/email-core-mm-callbacks.c index eef6494..8d9208b 100755 --- a/email-core/email-core-mm-callbacks.c +++ b/email-core/email-core-mm-callbacks.c @@ -258,8 +258,8 @@ INTERNAL_FUNC void mm_login(NETMBX *mb, char *user, char *pwd, long trial) } if (EM_SAFE_STRLEN(username) > 0 && EM_SAFE_STRLEN(password) > 0) { - strcpy(user, username); - strcpy(pwd, password); + EM_SAFE_STRNCPY(user, username, NETMAXUSER- EM_SAFE_STRLEN(user) -1); + EM_SAFE_STRNCPY(pwd, password, MAILTMPLEN - EM_SAFE_STRLEN(pwd) -1); } else EM_DEBUG_EXCEPTION("User Information is NULL || EM_SAFE_STRLEN is 0 "); diff --git a/email-core/email-core-utils.c b/email-core/email-core-utils.c index 02d00b4..01b57a0 100755 --- a/email-core/email-core-utils.c +++ b/email-core/email-core-utils.c @@ -3246,7 +3246,7 @@ int emcore_strip_HTML_tag(const char *input_html_file_path, char *input_encoding emcore_get_content_string(root_element, result_string, input_result_buffer_legnth, &exit_flag); char *replaced_string = reg_replace_new(result_string, "[ \t\r\n\v\f]+", " "); - EM_SAFE_STRCPY(output_result_buffer, replaced_string); + EM_SAFE_STRNCPY(output_result_buffer, replaced_string, input_result_buffer_legnth - EM_SAFE_STRLEN(output_result_buffer) -1); EM_SAFE_FREE(replaced_string); em_trim_left(output_result_buffer); -- cgit v1.2.3