aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@calcurse.org>2018-05-26 12:03:03 +0200
committerLukas Fleischer <lfleischer@calcurse.org>2018-05-26 12:03:03 +0200
commit7efe03cf0552234852be6e4537c5fe0ce0c6841c (patch)
tree68306125071db5fb6db3a87d1ba9ec2faa02ed80
parent2cd60c78cf8411a0d1592da458e2832e7b1b20db (diff)
downloadcalcurse-7efe03cf0552234852be6e4537c5fe0ce0c6841c.tar.gz
calcurse-7efe03cf0552234852be6e4537c5fe0ce0c6841c.zip
Fix buffer overflow in keys_action_allkeys()
Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
-rw-r--r--src/keys.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/keys.c b/src/keys.c
index 8bafd66..578c973 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -452,18 +452,23 @@ char *keys_action_allkeys(enum key action)
{
llist_item_t *i;
static char keystr[BUFSIZ];
- const char *CHAR_SPACE = " ";
+ int keystrlen = 0;
+ int entrylen;
if (!LLIST_FIRST(&keys[action]))
return NULL;
keystr[0] = '\0';
LLIST_FOREACH(&keys[action], i) {
- const int MAXLEN = sizeof(keystr) - 1 - strlen(keystr);
- strncat(keystr, LLIST_GET_DATA(i), MAXLEN - 1);
- strncat(keystr, CHAR_SPACE, 1);
+ entrylen = strlen(LLIST_GET_DATA(i)) + 1;
+ if (keystrlen + entrylen >= BUFSIZ)
+ break;
+ memcpy(keystr + keystrlen, LLIST_GET_DATA(i), entrylen - 1);
+ keystr[keystrlen + entrylen - 1] = ' ';
+ keystrlen += entrylen;
}
+ keystr[keystrlen] = '\0';
return keystr;
}