Fixed error to ingore duration value in extra set.
</DD>
<DT>
- Ver.1.5.33 at 2014.9.26
+ Ver.1.5.33 at 2014.9.29
</DT><DD>
Added checking of null language string.
+ Changed strncpy/strncat to strlcpy/strlcat.
</DD>
</DL>
<P>
snprintf(encodeAddr, ADDRMAXLN,
"%lu-%d-%d", address,checkDigit, (int)time(NULL));
}else{
- strncpy(encodeAddr, "0-0-0", ADDRMAXLN);
+ strlcpy(encodeAddr, "0-0-0", ADDRMAXLN);
}
return illform;
}
/* set filter */
- strncpy(filter, "(uid=", BUFFMAXLN);
- strncat(filter, userid, BUFFMAXLN);
- strncat(filter, ")", BUFFMAXLN);
+ strlcpy(filter, "(uid=", BUFFMAXLN);
+ strlcat(filter, userid, BUFFMAXLN);
+ strlcat(filter, ")", BUFFMAXLN);
/* search LDAP entry */
ret = ldap_search_ext_s(ld,baseDn,LDAP_SCOPE_SUBTREE,
serviceNameInConf=GetConfValue("AuthServer/ServiceName");
if(isNull(serviceNameInConf)){
- strncpy(serviceName, PAMSERVICENAME, ADDRMAXLN);
+ strlcpy(serviceName, PAMSERVICENAME, ADDRMAXLN);
}else{
- strncpy(serviceName, serviceNameInConf, ADDRMAXLN);
+ strlcpy(serviceName, serviceNameInConf, ADDRMAXLN);
}
if(!userid || !passwd) return DENY;
if((strstr(startp, ":"))==NULL) return -1;
/* save to macAddr4 */
- strncpy(macAddr4, startp, ADDRMAXLN);
+ strlcpy(macAddr4, startp, ADDRMAXLN);
return 0;
}
char* markPnt=NULL;
- strncpy(useridSave, userid, USERMAXLN);
+ strlcpy(useridSave, userid, USERMAXLN);
/* separate extraId from userid at separator(@) */
markPnt=strchr(useridSave, *GetConfValue("UserIdSeparator"));
if(markPnt==NULL){
/* separator mark not found */
- strncpy(extraId,"",USERMAXLN);
- strncpy(useridshort,useridSave,USERMAXLN);
+ strlcpy(extraId,"",USERMAXLN);
+ strlcpy(useridshort,useridSave,USERMAXLN);
}else{
/* pick up extraId */
*markPnt='\0';
- strncpy(extraId,markPnt+1,USERMAXLN);
- strncpy(useridshort,useridSave,USERMAXLN);
+ strlcpy(extraId,markPnt+1,USERMAXLN);
+ strlcpy(useridshort,useridSave,USERMAXLN);
}
}
char* concatUserId(char* useridfull, char* userId, char* extraId){
/* set full userid */
- strncpy(useridfull, userId,USERMAXLN);
+ strlcpy(useridfull, userId,USERMAXLN);
if(!isNull(extraId)){
- strncat(useridfull, GetConfValue("UserIdSeparator"), USERMAXLN);
- strncat(useridfull, extraId, USERMAXLN);
+ strlcat(useridfull, GetConfValue("UserIdSeparator"), USERMAXLN);
+ strlcat(useridfull, extraId, USERMAXLN);
}
return useridfull;
}
/*******************************/
void getClientAddr(char *clientAddr)
{
- strncpy(clientAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
+ strlcpy(clientAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
}
/********************************************/
split(ptr, name, value, next);
if(strstr(name[0], "userid")!=NULL){
- strncpy(userid, value[0], USERMAXLN);
+ strlcpy(userid, value[0], USERMAXLN);
}else if(strstr(name[0], "password")!=NULL){
- strncpy(password, value[0], PASSMAXLN);
+ strlcpy(password, value[0], PASSMAXLN);
}else if(strstr(name[0],"remote_addr")!=NULL){
- strncpy(encodeAddr4,value[0],ADDRMAXLN);
+ strlcpy(encodeAddr4,value[0],ADDRMAXLN);
}else if(strstr(name[0], "language")!=NULL){
- strncpy(language, value[0], WORDMAXLN);
+ strlcpy(language, value[0], WORDMAXLN);
}else if(strstr(name[0], "duration")!=NULL){
- strncpy(durationStr, value[0], WORDMAXLN);
+ strlcpy(durationStr, value[0], WORDMAXLN);
}else if(strstr(name[0], "redirected_url")!=NULL){
- strncpy(redirectedUrl, value[0], BUFFMAXLN);
+ strlcpy(redirectedUrl, value[0], BUFFMAXLN);
}
ptr=next[0];
}
&&(queryStrLen=strlen(getenv("QUERY_STRING")))!=0){
/* get html access parameter string */
- strncpy(queryStr, getenv("QUERY_STRING"), BUFFMAXLN);
+ strlcpy(queryStr, getenv("QUERY_STRING"), BUFFMAXLN);
/* split language and address in content
[addr=0-0-0&lang=ja&redirectedurl=xxxx] */
while(ptr!=NULL){
split(ptr, name, value, next);
if(strstr(name[0], "addr")!=NULL){
- strncpy(encodeAddr4,value[0],ADDRMAXLN);
+ strlcpy(encodeAddr4,value[0],ADDRMAXLN);
}else if(strstr(name[0], "lang")!=NULL){
- strncpy(language, value[0], WORDMAXLN);
+ strlcpy(language, value[0], WORDMAXLN);
}else if(strstr(name[0], "redirectedurl")!=NULL){
- strncpy(redirectedUrl, value[0], BUFFMAXLN);
+ strlcpy(redirectedUrl, value[0], BUFFMAXLN);
}
ptr=next[0];
}
decode(redirectedUrl);
/* if not available language, use first lang */
- strncpy(langList, GetConfValue("HtmlLangs"), BUFFMAXLN); /* list of available languages */
+ strlcpy(langList, GetConfValue("HtmlLangs"), BUFFMAXLN); /* list of available languages */
if(isNull(language) || strstr(langList,language)==NULL){
sscanf(langList,"%s",language);
}
}
/* if the decoded IPv4 addr is not same as access IPv4 addr, use later */
- strncpy(accessAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
+ strlcpy(accessAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
if((strnstr(accessAddr, ".", ADDRMAXLN)!=NULL) /* access is IPv4 */
&& strncmp(accessAddr, clientAddr4, ADDRMAXLN)!=0){ /* and not same */
- strncpy(clientAddr4, accessAddr, ADDRMAXLN);
+ strlcpy(clientAddr4, accessAddr, ADDRMAXLN);
}
/* if no userid, set useid="?" */
if(strcmp(GetConfValue("AuthServer/Protocol"), "shibboleth")==0){
pEnv=getenvEx(GetConfValue("AuthServer/UidAttribute"),TRUE,TRUE);
if(!isNull(pEnv)){
- strncpy(userid, pEnv, USERMAXLN);
+ strlcpy(userid, pEnv, USERMAXLN);
/* if idp string can be get from env variable, concatinate it as uid@org */
pEnv=getenvEx(GetConfValue("AuthServer/OrgAttribute"),TRUE,TRUE);
if(!isNull(pEnv)){
- strncat(userid, GetConfValue("UserIdSeparator"), USERMAXLN);
- strncat(userid, pEnv, USERMAXLN);
+ strlcat(userid, GetConfValue("UserIdSeparator"), USERMAXLN);
+ strlcat(userid, pEnv, USERMAXLN);
}
ret=TRUE;
}
else{
pEnv=getenvEx(GetConfValue("AuthServer/EppnAttribute"),TRUE,FALSE);
if(!isNull(pEnv)){
- strncat(userid, pEnv, USERMAXLN);
+ strlcat(userid, pEnv, USERMAXLN);
ret=TRUE;
}
}
/* httpbasic */
else if(strcmp(GetConfValue("AuthServer/Protocol"), "httpbasic")==0){
if(!isNull(getenv("REMOTE_USER"))){
- strncpy(userid,getenv("REMOTE_USER"),USERMAXLN);
+ strlcpy(userid,getenv("REMOTE_USER"),USERMAXLN);
ret=TRUE;
}else{
err_msg("ERR at %s#%d: Cannot get user info from httpbasic",__FILE__,__LINE__);
/* if exist cookie, copy it to work area */
if(isNull(getenv("HTTP_COOKIE"))) return FALSE;
- strncpy(content, getenv("HTTP_COOKIE"), BUFFMAXLN);
+ strlcpy(content, getenv("HTTP_COOKIE"), BUFFMAXLN);
ptr=content;
/* search 'OpengateAuth' cookie string (terminated by ; or \0) */
split(ptr, name, value, next);
if(strstr(name[0], COOKIENAME)!=NULL){
- strncpy(cookie, value[0], SIDMAXLN);
+ strlcpy(cookie, value[0], SIDMAXLN);
}else if(strstr(name[0], "Userid")!=NULL){
- strncpy(userid, value[0], USERMAXLN);
+ strlcpy(userid, value[0], USERMAXLN);
}
ptr=next[0];
}
/* protocol is ssl or non-ssl */
if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0){
- strncpy(protocol, "https",WORDMAXLN);
+ strlcpy(protocol, "https",WORDMAXLN);
}else{
- strncpy(protocol, "http",WORDMAXLN);
+ strlcpy(protocol, "http",WORDMAXLN);
}
/* document path to deny doc */
snprintf(opengateDir, BUFFMAXLN, GetConfValue("OpengateDir"));
/* create external URL string */
- strncpy(externalUrl, GetConfValue("ExternalUrl"), BUFFMAXLN);
+ strlcpy(externalUrl, GetConfValue("ExternalUrl"), BUFFMAXLN);
/* create authcgi URL string */
snprintf(authCgiUrl, BUFFMAXLN, "%s%s%s/%s",
{
char url[BUFFMAXLN]="";
if(getenv("HTTP_REFERER")!=NULL){
- strncpy(url,getenv("HTTP_REFERER"),BUFFMAXLN);
+ strlcpy(url,getenv("HTTP_REFERER"),BUFFMAXLN);
if(strstr(url,GetConfValue("OpengateServerName"))==NULL){
return FALSE;
}
/* regist it and open firewall for it */
/* cut out ip-ndp */
- strncpy(tmpAddr,buf,ADDRMAXLN);
+ strlcpy(tmpAddr,buf,ADDRMAXLN);
/* get first ip-reg in address list */
tmp1 = pClientAddr;
/* get first match item */
if(sqlite3_step(stmt)==SQLITE_ROW){
- strncpy(userid, (char*)sqlite3_column_text(stmt, 0), USERMAXLN);
- strncpy(clientAddr4, (char*)sqlite3_column_text(stmt, 1), USERMAXLN);
- strncpy(macAddr, (char*)sqlite3_column_text(stmt, 2), USERMAXLN);
+ strlcpy(userid, (char*)sqlite3_column_text(stmt, 0), USERMAXLN);
+ strlcpy(clientAddr4, (char*)sqlite3_column_text(stmt, 1), USERMAXLN);
+ strlcpy(macAddr, (char*)sqlite3_column_text(stmt, 2), USERMAXLN);
*duration=(int)sqlite3_column_int(stmt, 3);
*durationEntered=(int)sqlite3_column_int(stmt, 4);
- strncpy(language, (char*)sqlite3_column_text(stmt, 5), WORDMAXLN);
- strncpy(closeTime, (char*)sqlite3_column_text(stmt, 6), WORDMAXLN);
+ strlcpy(language, (char*)sqlite3_column_text(stmt, 5), WORDMAXLN);
+ strlcpy(closeTime, (char*)sqlite3_column_text(stmt, 6), WORDMAXLN);
resultFlag=TRUE;
}else{
resultFlag=FALSE;
}
/* set the item info */
- strncpy(pNew->name, name, WORDMAXLN);
+ strlcpy(pNew->name, name, WORDMAXLN);
pNew->timeout = timeout;
pNew->unixtime = time(NULL) + timeout;
pNew->preceding = preceding;
PutClientMsg("Error: Please contact to the administrator");
exit(1);
}
- strncpy(pNew->ipAddr,ipAddr,ADDRMAXLN);
- strncpy(pNew->ruleNumber,ruleNumber,WORDMAXLN);
+ strlcpy(pNew->ipAddr,ipAddr,ADDRMAXLN);
+ strlcpy(pNew->ruleNumber,ruleNumber,WORDMAXLN);
pNew->ipType = ipType;
pNew->timeIn = time(NULL);
pNew->activeStatus=TRUE;
if((xmlRoot = ezxml_parse_file(CONFIGFILE))==NULL){
/* as the syslog is not prepared, error is send to web*/
- strncpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
- strncat(buff, CONFIGFILE,BUFFMAXLN);
- strncat(buff, " is not found. Call the administrator.</H3><BR>",BUFFMAXLN);
+ strlcpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
+ strlcat(buff, CONFIGFILE,BUFFMAXLN);
+ strlcat(buff, " is not found. Call the administrator.</H3><BR>",BUFFMAXLN);
PutClientMsg(buff);
return -1;
if(*errMsg!='\0'){
/* as the syslog is not prepared, error is send to web*/
- strncpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
- strncat(buff, CONFIGFILE,BUFFMAXLN);
- strncat(buff, " is illegal. Call the administrator.</H3><HR>",BUFFMAXLN);
- strncat(buff, "XML parser message: ", BUFFMAXLN);
- strncat(buff, errMsg, BUFFMAXLN);
- strncat(buff, "<HR>", BUFFMAXLN);
+ strlcpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
+ strlcat(buff, CONFIGFILE,BUFFMAXLN);
+ strlcat(buff, " is illegal. Call the administrator.</H3><HR>",BUFFMAXLN);
+ strlcat(buff, "XML parser message: ", BUFFMAXLN);
+ strlcat(buff, errMsg, BUFFMAXLN);
+ strlcat(buff, "<HR>", BUFFMAXLN);
PutClientMsg(buff);
return -1;
/* check the config file version */
if(isNull(ezxml_attr(xmlRoot, "ConfigVersion"))||
(strcmp(CONFIG_VERSION, ezxml_attr(xmlRoot, "ConfigVersion"))!=0)){
- strncpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
- strncat(buff, CONFIGFILE, BUFFMAXLN);
- strncat(buff, " has mismatch version.<br> Please update it with ",BUFFMAXLN);
- strncat(buff, CONFIGFILE, BUFFMAXLN);
- strncat(buff, ".sample.",BUFFMAXLN);
+ strlcpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
+ strlcat(buff, CONFIGFILE, BUFFMAXLN);
+ strlcat(buff, " has mismatch version.<br> Please update it with ",BUFFMAXLN);
+ strlcat(buff, CONFIGFILE, BUFFMAXLN);
+ strlcat(buff, ".sample.",BUFFMAXLN);
PutClientMsg(buff);
return -1;
atoi(GetConfValue("Syslog/Facility"))==0){
/* as the syslog is not prepared, error is send to web*/
- strncpy(buff, "<H3>Error: correct SYSLOG setting(local0-local7) is not found in Opengate configuration file ",BUFFMAXLN);
- strncat(buff, CONFIGFILE,BUFFMAXLN);
- strncat(buff, ". Call the administrator.</H3><BR>",BUFFMAXLN);
+ strlcpy(buff, "<H3>Error: correct SYSLOG setting(local0-local7) is not found in Opengate configuration file ",BUFFMAXLN);
+ strlcat(buff, CONFIGFILE,BUFFMAXLN);
+ strlcat(buff, ". Call the administrator.</H3><BR>",BUFFMAXLN);
PutClientMsg(buff);
return -1;
if(strstr(name,"AuthServer/")==name) return GetConfAuthServer(name);
/* copy name to work area */
- strncpy(buff,name,BUFFMAXLN);
+ strlcpy(buff,name,BUFFMAXLN);
/* get first token */
pStr=strtok(buff, SEPARATOR);
if(xmlExtraSet==NULL) return "";
/* extract first token in name */
- strncpy(buff,name,BUFFMAXLN);
+ strlcpy(buff,name,BUFFMAXLN);
pStr=strtok(buff, SEPARATOR);
/* get a first level matched node in extra set */
ezxml_t xml;
/* copy name to work area */
- strncpy(buff,name,BUFFMAXLN);
+ strlcpy(buff,name,BUFFMAXLN);
/* get first token */
pStr=strtok(buff, SEPARATOR);
if(buff==NULL) return 1;
- strncpy(tempBuff, buff, BUFFMAXLN);
- strncpy(buff,"",BUFFMAXLN);
+ strlcpy(tempBuff, buff, BUFFMAXLN);
+ strlcpy(buff,"",BUFFMAXLN);
for(pBuff = tempBuff;
(pNext=strSplit(pBuff, beforeStr)) != NULL;
pBuff = pNext){
- strncat(buff,pBuff,BUFFMAXLN);
- strncat(buff,afterStr,BUFFMAXLN);
+ strlcat(buff,pBuff,BUFFMAXLN);
+ strlcat(buff,afterStr,BUFFMAXLN);
}
- strncat(buff,pBuff,BUFFMAXLN);
+ strlcat(buff,pBuff,BUFFMAXLN);
return 0;
}
if(!isNull(getenv("QUERY_STRING"))){
/* get html access parameter string (attached at the end of url) */
- strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
+ strlcpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
}
/* split language and address in paramString
if(isNull(pAddr4)){
clientAddr[0]='\0';
}else{
- strncpy(clientAddr, pAddr4, ADDRMAXLN);
+ strlcpy(clientAddr, pAddr4, ADDRMAXLN);
}
/* get language and check its correctness */
if(!isNull(pLang) && strstr(GetConfValue("HtmlLangs"), pLang)!=NULL){
/* if corrrect, set it */
- strncpy(lang, pLang, WORDMAXLN);
+ strlcpy(lang, pLang, WORDMAXLN);
}else{
/* if not correct, get default language at the top of lang list */
}
/* copy redirected URL */
- strncpy(redirectedUrl, pUrl, BUFFMAXLN);
+ strlcpy(redirectedUrl, pUrl, BUFFMAXLN);
/* send out header */
printf("Content-Type: text/html\r\n\r\n");
|| strcmp(authProtocol, "shibboleth")==0
|| strcmp(authProtocol, "httpbasic")==0 ){
- strncat(htmlFile, GetConfValue("SkipAuthDoc"), BUFFMAXLN);
+ strlcat(htmlFile, GetConfValue("SkipAuthDoc"), BUFFMAXLN);
/* ssl or non-ssl protocol */
if(!isNull(getenv("SERVER_PORT"))
&& strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
- strncpy(protocol, "https", WORDMAXLN);
+ strlcpy(protocol, "https", WORDMAXLN);
}else{
- strncpy(protocol, "http", WORDMAXLN);
+ strlcpy(protocol, "http", WORDMAXLN);
}
}
/* ssl or non-ssl file */
if(!isNull(getenv("SERVER_PORT"))
&& strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
- strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
+ strlcat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
}else{
- strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
+ strlcat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
}
}
if(isNull(getenv("QUERY_STRING"))){
lang[0]='\0';
}else{
- strncpy(lang, getenv("QUERY_STRING"), ADDRMAXLN);
+ strlcpy(lang, getenv("QUERY_STRING"), ADDRMAXLN);
}
/* if not get, use default lang at the top of lang list */
if(isNull(getenv("REMOTE_ADDR"))){
clientAddr[0]='\0';
}else{
- strncpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
+ strlcpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
}
/* encode the address(if IPv6 addr, return 0-0-0) */
/* open firewall */
OpenClientGate4(clientAddr,"user1",NULL,NULL);
- strncpy(ClientAddr.ipAddr,clientAddr,ADDRMAXLN);
+ strlcpy(ClientAddr.ipAddr,clientAddr,ADDRMAXLN);
ClientAddr.ipType = IPV4;
ClientAddr.timeIn = time(NULL);
ClientAddr.next = NULL;
printf("This program and ipfw command be executed by root user\n\n");
printf("ENTER ANY charcter to remove the added rule\n\n");
scanf("%s",dummy);
- strncpy(ClientAddr.ruleNumber,dummy,WORDMAXLN);
+ strlcpy(ClientAddr.ruleNumber,dummy,WORDMAXLN);
/* close firewall */
CloseClientGate4(pClientAddr,"user1",NULL);
struct clientAddr *pClientAddr;
pClientAddr = &ClientAddr;
- strncpy(ClientAddr.ipAddr,"127.0.0.1",ADDRMAXLN);
+ strlcpy(ClientAddr.ipAddr,"127.0.0.1",ADDRMAXLN);
ClientAddr.next=NULL;
- strncpy(ClientAddr.ruleNumber,"10000",WORDMAXLN);
+ strlcpy(ClientAddr.ruleNumber,"10000",WORDMAXLN);
ClientAddr.ipType=IPV4;
ClientAddr.timeIn=time(NULL);
FILE *file;
/* insert command path */
- strncpy(commandLine, path, BUFFMAXLN);
+ strlcpy(commandLine, path, BUFFMAXLN);
/* insert command arguments */
va_start(ap, path);
while((pStr=va_arg(ap, char *))!=(char *)0){
strcat(commandLine, " ");
- strncat(commandLine, pStr, BUFFMAXLN);
+ strlcat(commandLine, pStr, BUFFMAXLN);
}
va_end(ap);
int ret;
/* insert command path */
- strncpy(commandLine, path, BUFFMAXLN);
+ strlcpy(commandLine, path, BUFFMAXLN);
/* insert command arguments */
va_start(ap, path);
while((pStr=va_arg(ap, char *))!=(char *)0){
strcat(commandLine, " ");
- strncat(commandLine, pStr, BUFFMAXLN);
+ strlcat(commandLine, pStr, BUFFMAXLN);
}
va_end(ap);
int found=FALSE;
/* copy string not to destroy it */
- strncpy(work, env, BUFFMAXLN);
+ strlcpy(work, env, BUFFMAXLN);
/* repeat for variables */
thisVar=nextVar=work;
if(Getpeername(sockfd, cliaddr, &len)<0) return; /* if error, return */
pAddr=Sock_ntop_host(cliaddr, len);
- if(pAddr!=NULL) strncpy(peerAddr, pAddr, ADDRMAXLN);
+ if(pAddr!=NULL) strlcpy(peerAddr, pAddr, ADDRMAXLN);
free(cliaddr);
}
/* save hello request string including keys */
- strncpy(previousHello, buff, BUFFMAXLN);
+ strlcpy(previousHello, buff, BUFFMAXLN);
/* if received key is correct, save time */
if(IsRightKey(buff+strlen("GET /hello-"), sessionId)){
/* initial value of savedKey is md5(md5(sessionId)+sessionId) */
if(isNull(savedKey)){
md5hex(tempbuff, 33, sessionId);
- strncat(tempbuff, sessionId, BUFFMAXLN);
+ strlcat(tempbuff, sessionId, BUFFMAXLN);
md5hex(savedKey, 33, tempbuff);
}
*(pNextKey+32)='\0';
/* make string [nowKey+sessionId] */
- strncpy(tempbuff, pNowKey, BUFFMAXLN);
- strncat(tempbuff, sessionId, BUFFMAXLN);
+ strlcpy(tempbuff, pNowKey, BUFFMAXLN);
+ strlcat(tempbuff, sessionId, BUFFMAXLN);
/* compare savedKey and md5(nowKey+sessionId) */
if(strcmp(savedKey, md5hex(md5work, 33, tempbuff))==0){
/* save nextKey for next check */
- strncpy(savedKey, pNextKey, 33);
+ strlcpy(savedKey, pNextKey, 33);
return TRUE;
}
else{