From 59ccaaebf616bc0be96af3b9b8c0be6828113edc Mon Sep 17 00:00:00 2001 From: Alejandro Sirgo Rica Date: Mon, 15 Jul 2024 10:15:05 +0200 Subject: rest: replace strcat with strncat in og_set_client_mode Improve string handling security by replacing strcat with the more secure strncat. --- src/rest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rest.c b/src/rest.c index 8191648..c0e158e 100644 --- a/src/rest.c +++ b/src/rest.c @@ -1355,7 +1355,8 @@ static int og_set_client_mode(struct og_dbi *dbi, const char *mac, dbi_result_next_row(result); for (i = 1; i <= dbi_result_get_numfields(result); ++i) - strcat(params, dbi_result_get_string_idx(result, i)); + strncat(params, dbi_result_get_string_idx(result, i), + sizeof(params) - strlen(params) - 1); dbi_result_free(result); -- cgit v1.2.3-18-g5258