authorRalf Baechle <ralf@linux-mips.org>2021-07-28 12:54:11 +0200
committerRalf Baechle <ralf@linux-mips.org>2021-07-28 12:54:11 +0200
commit27de2c769e20b0d056131442c5a2873a73f42bdc (patch)
tree5ae6be01cd8c468a3a499df26f0c49fb6aae85f6
parentf2f7b4dde15c553627a85e2d13f2612552994188 (diff)
listen: Fix potential buffer overflow.
Sounds evil but would only be exploitable when getservbyport is accessing a database that's under an attacker's control. The /etc/services file shipping with Fedora 34 has entries of a maximum length of 15 characters so are just fine. Fixed by not copying the string returned by getservbyport - which also is faster. At that point it becomes possible to reduce the length of str[] to 6 bytes. Found by the following GCC 11 warning: gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -MT utils.o -MD -MP -MF .deps/utils.Tpo -c -o utils.o utils.c utils.c: In function ‘servname’: utils.c:124:17: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] 124 | strncpy(str, serv->s_name, 16); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-rw-r--r--listen/utils.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/listen/utils.c b/listen/utils.c
index 4d99e10..f16f773 100644
--- a/listen/utils.c
+++ b/listen/utils.c
@@ -118,12 +118,12 @@ int initcolor(void)
char *servname(int port, char *proto)
{
struct servent *serv;
- static char str[16];
+ static char str[6];
if ((serv = getservbyport(htons(port), proto)))
- strncpy(str, serv->s_name, 16);
+ return serv->s_name;
else
- snprintf(str, 16, "%i", port);
+ snprintf(str, sizeof(str), "%i", port);
return str;
}
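Review bot: Returning `serv->s_name` directly in `servname()` hands callers a pointer into the resolver's own static `servent` storage, so the result is no longer capped at 15 characters and stays valid only until the next `getservbyport()`/`getservbyname()`/`getservent()` call. The callers are outside this hunk; if any of them copy the name into a fixed-size buffer with an unbounded `%s` or `strcpy`, the oversized-name case described in the commit message would move there rather than go away, so they are worth auditing. I would document the contract above the function, e.g. `/* Returns static storage (ours or libc's servent); name length is unbounded and the pointer is invalidated by the next servname()/getserv*() call. */`. Separately, `str[6]` only fits values in 0..65535, so a short comment that `port` is expected to be a 16-bit value would explain why the `snprintf` result is never truncated in practice.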