From 99205f0410291c2fd63279288cafb0348e586ec7 Mon Sep 17 00:00:00 2001
From: David Maciejak
Date: Sun, 2 Jun 2019 11:11:30 +0800
Subject: [PATCH 1/2] Add length check for fixed-size string

To prevent possible overflow.
---
 hydra-rdp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hydra-rdp.c b/hydra-rdp.c
index f2fbfce..c75e722 100644
--- a/hydra-rdp.c
+++ b/hydra-rdp.c
@@ -48,7 +48,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr,
 if (strlen(pass = hydra_get_next_password()) == 0) pass = empty;
- strcpy(server, hydra_address2string(ip));
+ strncpy(server, hydra_address2string(ip), sizeof(server) - 1);
 if ((miscptr != NULL) && (strlen(miscptr) > 0)) {
 strncpy(domain, miscptr, sizeof(domain) - 1);
From f1e0df4080342646bff3adc3bc88abacb83fba90 Mon Sep 17 00:00:00 2001
From: David Maciejak
Date: Sun, 2 Jun 2019 11:18:27 +0800
Subject: [PATCH 2/2] Add length check for fixed-size string
---
 hydra-smb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hydra-smb.c b/hydra-smb.c
index 0337ffd..ffea905 100644
--- a/hydra-smb.c
+++ b/hydra-smb.c
@@ -1212,7 +1212,7 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char
 if (strlen(pass = hydra_get_next_password()) == 0) pass = empty;
- strcpy(ipaddr_str, hydra_address2string(ip));
+ strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1);
 SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr);
 if (SMBSessionRet == -1)
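Review bot: The new `strncpy(server, hydra_address2string(ip), sizeof(server) - 1);` in start_rdp bounds the copy but does not terminate the string itself: when the source is `sizeof(server) - 1` bytes or longer, strncpy writes no NUL, so termination depends on `server` having been zeroed beforehand, which is not visible in this hunk. Add `server[sizeof(server) - 1] = '\0';` right after the call, or use `snprintf(server, sizeof(server), "%s", hydra_address2string(ip));` and check the return value so that a truncated address is rejected instead of being used silently. The same applies to the `strncpy(ipaddr_str, ...)` line in the hydra-smb.c hunk of patch 2/2. Both `sizeof` expressions also assume the destination is an array rather than a pointer; the declarations and the rest of start_rdp and start_smb lie outside the hunks.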