[njs] Improved njs_ftw().
Dmitry Volyntsev
xeioex at nginx.com
Thu Dec 23 13:31:45 UTC 2021
details: https://hg.nginx.org/njs/rev/9e1fd062a1d8
branches:
changeset: 1779:9e1fd062a1d8
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Thu Dec 23 13:30:44 2021 +0000
description:
Improved njs_ftw().
Replacing strcpy() with memcpy() as the former is considered
insecure.
Found by Clang static analyzer.
diffstat:
external/njs_fs.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diffs (12 lines):
diff -r 82518ae9f209 -r 9e1fd062a1d8 external/njs_fs.c
--- a/external/njs_fs.c Wed Dec 22 17:22:14 2021 +0000
+++ b/external/njs_fs.c Thu Dec 23 13:30:44 2021 +0000
@@ -2153,7 +2153,7 @@ njs_ftw(char *path, njs_file_tree_walk_c
}
path[base] = '/';
- strcpy(path + base + 1, d_name);
+ memcpy(&path[base + 1], d_name, length + sizeof("\0"));
if (fd_limit != 0) {
ret = njs_ftw(path, cb, fd_limit - 1, flags, &trace);
More information about the nginx-devel
mailing list