vino/rocket
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

player: fix potential buffer overflow

Browse Source 
Previously, sync_track_path could either overflow it's 'temp'
buffer by one byte, or (even worse) end up not zero-terminating
it.

Correct the code by explicitly zero-terminating the result of
strncpy, and reducing the lenght-parameter to strncat.
This commit is contained in:
Erik Faye-Lund 2011-01-19 10:08:24 +01:00
parent 1044584639
commit 8a49fd3c05
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sync/device.c
View File

@ -11,10 +11,11 @@
static const char *sync_track_path(const char *base, const char *name) static const char *sync_track_path(const char *base, const char *name)
{ {
static char temp[FILENAME_MAX]; static char temp[FILENAME_MAX];
strncpy(temp, base, sizeof(temp)); strncpy(temp, base, sizeof(temp) - 1);
strncat(temp, "_", sizeof(temp)); temp[sizeof(temp) - 1] = '\0';
strncat(temp, name, sizeof(temp)); strncat(temp, "_", sizeof(temp) - 1);
strncat(temp, ".track", sizeof(temp)); strncat(temp, name, sizeof(temp) - 1);
strncat(temp, ".track", sizeof(temp) - 1);
return temp; return temp;
} }