c17b535a33
The last argument to strncat() should not be the total buffer length; it
should be the space remaining:
The strncat() function shall append not more than n bytes (a null
byte and bytes that follow it are not appended) from the array
pointed to by s2 to the end of the string pointed to by s1. The
initial byte of s2 overwrites the null byte at the end of s1. A
terminating null byte is always appended to the result.
This patch fixes a couple of potential buffer overflow vulnerabilities.
Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
calcurse ======== Read `INSTALL` for instructions on how to build and install calcurse. Check `TODO` for things that still need to be done. Browse the file `doc/manual.html` (or its source `doc/manual.txt`) for narrative descriptions on how to use calcurse. Package Overview ---------------- You should be reading this file in a directory called: `calcurse-x.x`, where `x.x` is the current version number. There should be two subdirectories : `src` and `doc`. Detailed documentation in HTML format can be found in the `doc` directory. Calcurse sources can be found in the `src` directory. Authors ------- * Frederic Culot (Founder, Lead Developer) * Lukas Fleischer (Developer) Contributors ------------ * RegEx support: Erik Saule * German translation: Michael Schulz, Chris M., Benjamin Moeller * Spanish translation: Jose Lopez * Dutch translation: Jeremy Roon * French translation: Erik Saule * Russian translation: Aleksey Mechonoshin Also check the `Thanks` section in the manual for a list of people who have contributed by reporting bugs, sending fixes, or suggesting improvements.