diff '--color=auto' -Naurd openl2tp-1.8.orig/l2tp_plugin.c openl2tp-1.8/l2tp_plugin.c --- openl2tp-1.8.orig/l2tp_plugin.c 2008-09-25 19:00:55.000000000 +0400 +++ openl2tp-1.8/l2tp_plugin.c 2020-07-12 11:55:23.292225206 +0300 @@ -85,16 +85,20 @@ if (strchr(name, '/') == 0) { const char *base = L2TP_PLUGIN_DIR; - int len = strlen(base) + strlen(name) + 2; + size_t len_base, len_name, len; + len_base = strlen(base); + len_name = strlen(name); + len = len_base + len_name + 2; path = malloc(len); if (path == NULL) { l2tp_log(LOG_ERR, "OOM: plugin file path"); return -ENOMEM; } - strncpy(path, base, len); - strncat(path, "/", len); - strncat(path, name, len); + memcpy(path, base, len_base); + path[len_base] = '/'; + memcpy(path + len_base + 1, name, len_name); + path[len - 1] = '\0'; } else { path = strdup(name); if (path == NULL) { diff '--color=auto' -Naurd openl2tp-1.8.orig/plugins/ppp_unix.c openl2tp-1.8/plugins/ppp_unix.c --- openl2tp-1.8.orig/plugins/ppp_unix.c 2020-07-12 11:37:06.287914337 +0300 +++ openl2tp-1.8/plugins/ppp_unix.c 2020-07-12 12:31:26.042810957 +0300 @@ -811,7 +811,7 @@ { pid_t pid; int result = 0; - char str[10]; + char str[11]; struct l2tp_session_config const *scfg; pid = usl_pid_safe_fork(); @@ -1362,7 +1362,8 @@ tmp_fd = socket(AF_INET, SOCK_DGRAM, 0); if (tmp_fd >= 0) { memset (&ifr, '\0', sizeof (ifr)); - strncpy(ifr.ifr_name, ppp->interface_name, sizeof (ifr.ifr_name)); + strncpy(ifr.ifr_name, ppp->interface_name, sizeof (ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0'; ifr.ifr_mtu = mtu; result = ioctl(tmp_fd, SIOCSIFMTU, (caddr_t) &ifr); diff '--color=auto' -Naurd openl2tp-1.8.orig/l2tp_statusfile.c openl2tp-1.8/l2tp_statusfile.c --- openl2tp-1.8.orig/l2tp_statusfile.c 2020-07-12 15:58:52.279211936 +0300 +++ openl2tp-1.8/l2tp_statusfile.c 2020-07-12 15:59:07.949273953 +0300 @@ -48,7 +48,7 @@ static FILE *l2tp_statusfile_file_create(const char *parent, const char *name) { - char filename[256]; + char filename[257]; FILE *file; if (name != NULL) { @@ -66,7 +66,7 @@ static int l2tp_statusfile_file_delete(const char *root, const char *parent, const char *name) { int result; - char filename[256]; + char filename[257]; if (root == NULL) { if (name != NULL) { @@ -102,7 +102,7 @@ static int l2tp_statusfile_dir_create(const char *parent, const char *name) { int result; - char dirname[256]; + char dirname[257]; if (name != NULL) { sprintf(dirname, L2TP_STATUSFILE_DIR "/%s/%s", parent, name); @@ -127,8 +127,8 @@ static int l2tp_statusfile_dir_delete(const char *root, const char *parent, const char *name, int recursive) { int result; - char dirname[256]; - char filename[256]; + char dirname[257]; + char filename[257]; DIR *dir; struct dirent *entry; struct stat statbuf; diff '--color=auto' -Naurd openl2tp-1.8.orig/l2tp_config.c openl2tp-1.8/l2tp_config.c --- openl2tp-1.8.orig/l2tp_config.c 2020-07-12 16:03:00.062192426 +0300 +++ openl2tp-1.8/l2tp_config.c 2020-07-12 16:07:00.035142012 +0300 @@ -135,7 +135,8 @@ goto out; } if (strcmp(server_name, &server[0])) { - strncpy(&server[0], server_name, sizeof(server)); + strncpy(&server[0], server_name, sizeof(server) - 1); + server[sizeof(server) - 1] = '\0'; clnt_destroy(cl); cl = clnt_create(server, L2TP_PROG, L2TP_VERSION, opt_rpc_protocol); @@ -6629,7 +6630,8 @@ arg++; break; case 'R': - strncpy(server, optarg, sizeof(server)); + strncpy(server, optarg, sizeof(server) - 1); + server[sizeof(server) - 1] = '\0'; arg += 2; l2tp_set_prompt(server); break;