author | Erkki Seppälä <erkki.seppala@vincit.fi> | 2011-01-31 14:01:57 +0200 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2011-02-01 23:47:18 -0800 |
commit | 450e17422c0e374d25c643f343ea268cec68da38 (patch) | |
tree | 00abf7da8f40a6726d5c475458a5a7542a50017f | |
parent | e2566e43b02d2d7b7c1c3bb7db7c5ae81c1245fa (diff) |
XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size
Possible overrun of 8192 byte fixed size buffer "buffer" by copying
"ext->name" without length checking
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | src/XlibInt.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/XlibInt.c b/src/XlibInt.c index 873ed8ba..a78da9bf 100644 --- a/src/XlibInt.c +++ b/src/XlibInt.c @@ -1439,9 +1439,10 @@ static int _XPrintDefaultError( ext && (ext->codes.major_opcode != event->request_code); ext = ext->next) ; - if (ext) - strcpy(buffer, ext->name); - else + if (ext) { + strncpy(buffer, ext->name, BUFSIZ); + buffer[BUFSIZ - 1] = '\0'; + } else buffer[0] = '\0'; } (void) fprintf(fp, " (%s)\n", buffer); |
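Review bot: The bound in the added lines `strncpy(buffer, ext->name, BUFSIZ);` and `buffer[BUFSIZ - 1] = '\0';` is the BUFSIZ macro, not the size of `buffer` itself, and the declaration of `buffer` is outside this hunk's context. The commit message describes an 8192 byte fixed-size buffer, while BUFSIZ is an implementation-defined value from <stdio.h>, so the copy is only safe as long as the declaration also uses BUFSIZ (or something at least as large). If `buffer` is an array in scope here, using `sizeof(buffer)` for both the copy length and the terminator index would tie the bound to the declaration and keep the two from drifting apart. A smaller point: a name that does not fit is now silently truncated before it reaches the `fprintf(fp, " (%s)\n", buffer)` line, which is acceptable for an error message but worth a short comment at the copy.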