fyb/calcurse-edge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix up strncat() usage

Browse Source 
The last argument to strncat() should not be the total buffer length; it
should be the space remaining:

    The strncat() function shall append not more than n bytes (a null
    byte and bytes that follow it are not appended) from the array
    pointed to by s2 to the end of the string pointed to by s1. The
    initial byte of s2 overwrites the null byte at the end of s1. A
    terminating null byte is always appended to the result.

This patch fixes a couple of potential buffer overflow vulnerabilities.

Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2012-02-18 15:40:01 +01:00
parent 9a8ea7ff91
commit c17b535a33
4 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/config.c
View File

@ -562,10 +562,10 @@ config_save (void)
int i;
strncpy (tmppath, get_tempdir (), BUFSIZ);
strncat (tmppath, "/" CONF_PATH_NAME ".", BUFSIZ);
strncat (tmppath, "/" CONF_PATH_NAME ".", BUFSIZ - strlen (tmppath) - 1);
if ((tmpext = new_tempfile (tmppath, TMPEXTSIZ)) == NULL)
return 0;
strncat (tmppath, tmpext, BUFSIZ);
strncat (tmppath, tmpext, BUFSIZ - strlen (tmppath) - 1);
mem_free (tmpext);
status.fp = fopen (tmppath, "w");

3
src/ical.c
View File

@ -447,8 +447,7 @@ ical_readline (FILE *fdi, char *buf, char *lstore, unsigned *ln)
*eol = '\0';
if (*lstore != SPACE && *lstore != TAB)
break;
strncat (buf, lstore + 1, BUFSIZ);
buf[BUFSIZ - 1] = '\0';
strncat (buf, lstore + 1, BUFSIZ - strlen (buf) - 1);
(*ln)++;
}

4
src/keys.c
View File

@ -436,7 +436,7 @@ keys_format_label (char *key, int keylen)
{
static char fmtkey[BUFSIZ];
const int len = strlen (key);
char *dot = ".";
const char dot = '.';
int i;
if (keylen > BUFSIZ)
@ -455,7 +455,7 @@ keys_format_label (char *key, int keylen)
{
for (i = 0; i < keylen - 1; i++)
fmtkey[i] = key[i];
strncat (fmtkey, dot, strlen (dot));
fmtkey[keylen - 1] = dot;
}
return fmtkey;
}

4
src/note.c
View File

@ -76,10 +76,10 @@ edit_note (char **note, char *editor)
FILE *fp;
strncpy (tmppath, get_tempdir (), BUFSIZ);
strncat (tmppath, "/calcurse-note.", BUFSIZ);
strncat (tmppath, "/calcurse-note.", BUFSIZ - strlen (tmppath) - 1);
if ((tmpext = new_tempfile (tmppath, TMPEXTSIZ)) == NULL)
return;
strncat (tmppath, tmpext, BUFSIZ);
strncat (tmppath, tmpext, BUFSIZ - strlen (tmppath) - 1);
mem_free (tmpext);
if (*note != NULL)