[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11372: [PATCH] avoid buffer overrun: NUL-terminate after strncpy
From: |
Jim Meyering |
Subject: |
bug#11372: [PATCH] avoid buffer overrun: NUL-terminate after strncpy |
Date: |
Sat, 28 Apr 2012 23:56:45 +0200 |
strncpy is often misused.
I would argue that nearly any use constitutes misuse.
Here are a few fixes:
2012-04-28 Jim Meyering <meyering@redhat.com>
avoid buffer overrun: NUL-terminate after strncpy
* lib-src/pop.c (pop_stat, pop_list, pop_multi_first, pop_last):
NUL-terminate the error buffer.
* src/w32font.c (fill_in_logfont): NUL-terminate logfont face name.
---
lib-src/pop.c | 8 +++++++-
src/w32font.c | 7 +++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/lib-src/pop.c b/lib-src/pop.c
index 37494d1..c4c7f2b 100644
--- a/lib-src/pop.c
+++ b/lib-src/pop.c
@@ -346,6 +346,7 @@ pop_stat (popserver server, int *count, int *size)
if (0 == strncmp (fromserver, "-ERR", 4))
{
strncpy (pop_error, fromserver, ERROR_MAX);
+ pop_error[ERROR_MAX-1] = '\0';
}
else
{
@@ -447,7 +448,10 @@ pop_list (popserver server, int message, int **IDs, int
**sizes)
if (strncmp (fromserver, "+OK ", 4))
{
if (! strncmp (fromserver, "-ERR", 4))
- strncpy (pop_error, fromserver, ERROR_MAX);
+ {
+ strncpy (pop_error, fromserver, ERROR_MAX);
+ pop_error[ERROR_MAX-1] = '\0';
+ }
else
{
strcpy (pop_error,
@@ -687,6 +691,7 @@ pop_multi_first (popserver server, const char *command,
char **response)
if (0 == strncmp (*response, "-ERR", 4))
{
strncpy (pop_error, *response, ERROR_MAX);
+ pop_error[ERROR_MAX-1] = '\0';
return (-1);
}
else if (0 == strncmp (*response, "+OK", 3))
@@ -860,6 +865,7 @@ pop_last (popserver server)
if (! strncmp (fromserver, "-ERR", 4))
{
strncpy (pop_error, fromserver, ERROR_MAX);
+ pop_error[ERROR_MAX-1] = '\0';
return (-1);
}
else if (strncmp (fromserver, "+OK ", 4))
diff --git a/src/w32font.c b/src/w32font.c
index dab9f4c..8badace 100644
--- a/src/w32font.c
+++ b/src/w32font.c
@@ -2045,8 +2045,11 @@ fill_in_logfont (FRAME_PTR f, LOGFONT *logfont,
Lisp_Object font_spec)
/* Font families are interned, but allow for strings also in case of
user input. */
else if (SYMBOLP (tmp))
- strncpy (logfont->lfFaceName,
- SDATA (ENCODE_SYSTEM (SYMBOL_NAME (tmp))), LF_FACESIZE);
+ {
+ strncpy (logfont->lfFaceName,
+ SDATA (ENCODE_SYSTEM (SYMBOL_NAME (tmp))), LF_FACESIZE);
+ logfont->lfFaceName[LF_FACESIZE-1] = '\0';
+ }
}
tmp = AREF (font_spec, FONT_ADSTYLE_INDEX);
--
1.7.10.382.g62bc8
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#11372: [PATCH] avoid buffer overrun: NUL-terminate after strncpy,
Jim Meyering <=