XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size

Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com> Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Erkki Seppälä <erkki.seppala@vincit.fi> 2011-01-31 14:01:57 +0200
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2011-02-01 23:47:18 -0800
commit: 450e17422c0e374d25c643f343ea268cec68da38 (patch)
tree: 00abf7da8f40a6726d5c475458a5a7542a50017f
parent: e2566e43b02d2d7b7c1c3bb7db7c5ae81c1245fa (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/XlibInt.c b/src/XlibInt.c
index 873ed8ba..a78da9bf 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1439,9 +1439,10 @@ static int _XPrintDefaultError(
 	     ext && (ext->codes.major_opcode != event->request_code);
 	     ext = ext->next)
 	  ;
-	if (ext)
-	    strcpy(buffer, ext->name);
-	else
+	if (ext) {
+	    strncpy(buffer, ext->name, BUFSIZ);
+	    buffer[BUFSIZ - 1] = '\0';
+        } else
 	    buffer[0] = '\0';
     }
     (void) fprintf(fp, " (%s)\n", buffer);
author	Erkki Seppälä <erkki.seppala@vincit.fi>	2011-01-31 14:01:57 +0200
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2011-02-01 23:47:18 -0800
commit	450e17422c0e374d25c643f343ea268cec68da38 (patch)
tree	00abf7da8f40a6726d5c475458a5a7542a50017f
parent	e2566e43b02d2d7b7c1c3bb7db7c5ae81c1245fa (diff)