Removed usage of strcpy to enhance security of the client (confluentinc#1745)

pranavrth · web-flow · commit f360bdf439c9 · 2024-05-16T19:02:40.000+05:30
Removed usage of `strcpy` to enhance security of the client
Fixed invalid write in OAUTHBEARER/OIDC extensions copy
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Confluent's Python client for Apache Kafka
 
+## v2.4.1
+
+v2.4.1 is a maintenance release with the following fixes and enhancements:
+
+ - Removed usage of `strcpy` to enhance security of the client (#1745)
+ - Fixed invalid write in `OAUTHBEARER/OIDC` extensions copy (#1745)
+
+confluent-kafka-python is based on librdkafka v2.4.1, see the
+[librdkafka release notes](https://github.com/confluentinc/librdkafka/releases/tag/v2.4.1)
+for a complete list of changes, enhancements, fixes and upgrade considerations.
+
+
 ## v2.4.0
 
 v2.4.0 is a feature release with the following features, fixes and enhancements:
diff --git a/src/confluent_kafka/src/Admin.c b/src/confluent_kafka/src/Admin.c
@@ -160,28 +160,28 @@ Admin_options_to_c (Handle *self, rd_kafka_admin_op_t for_api,
         if (Admin_options_is_set_int(options->require_stable_offsets) &&
             (err_obj = rd_kafka_AdminOptions_set_require_stable_offsets(
                     c_options, options->require_stable_offsets))) {
-                strcpy(errstr, rd_kafka_error_string(err_obj));
+                snprintf(errstr, sizeof(errstr), "%s", rd_kafka_error_string(err_obj));
                 goto err;
         }
 
         if (Admin_options_is_set_int(options->include_authorized_operations) &&
             (err_obj = rd_kafka_AdminOptions_set_include_authorized_operations(
                     c_options, options->include_authorized_operations))) {
-                strcpy(errstr, rd_kafka_error_string(err_obj));
+                snprintf(errstr, sizeof(errstr), "%s", rd_kafka_error_string(err_obj));
                 goto err;
         }
 
         if (Admin_options_is_set_int((int)options->isolation_level) &&
              (err_obj = rd_kafka_AdminOptions_set_isolation_level(
                      c_options,options->isolation_level))) {
-                strcpy(errstr, rd_kafka_error_string(err_obj));
+                snprintf(errstr, sizeof(errstr), "%s", rd_kafka_error_string(err_obj));
                 goto err;
         }
 
         if (Admin_options_is_set_ptr(options->states) &&
             (err_obj = rd_kafka_AdminOptions_set_match_consumer_group_states(
                 c_options, options->states, options->states_cnt))) {
-                strcpy(errstr, rd_kafka_error_string(err_obj));
+                snprintf(errstr, sizeof(errstr), "%s", rd_kafka_error_string(err_obj));
                 goto err;
         }
 
diff --git a/src/confluent_kafka/src/confluent_kafka.c b/src/confluent_kafka/src/confluent_kafka.c
@@ -1893,10 +1893,10 @@ static int py_extensions_to_c (char **extensions, Py_ssize_t idx,
                 return 0;
         }
 
-        extensions[idx] = (char*)malloc(ksize);
-        strcpy(extensions[idx], k);
-        extensions[idx + 1] = (char*)malloc(vsize);
-        strcpy(extensions[idx + 1], v);
+        extensions[idx] = (char*)malloc(ksize + 1);
+        snprintf(extensions[idx], ksize + 1, "%s", k);
+        extensions[idx + 1] = (char*)malloc(vsize + 1);
+        snprintf(extensions[idx + 1], vsize + 1, "%s", v);
 
         Py_DECREF(ks);
         Py_XDECREF(ks8);
