summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@calcurse.org>2018-05-26 11:44:30 +0200
committerLukas Fleischer <lfleischer@calcurse.org>2018-05-26 11:44:30 +0200
commit7e5f8ed7bc862ef56b4ae5c5c26b833b801e1ad5 (patch)
tree346049051cee3f4a481eb375531caa331a948416
parentbb7381765c435ac37e133f7fcc14a07823539050 (diff)
downloadcalcurse-7e5f8ed7bc862ef56b4ae5c5c26b833b801e1ad5.tar.gz
calcurse-7e5f8ed7bc862ef56b4ae5c5c26b833b801e1ad5.zip
Avoid buffer overrun in config_parse_str()
The previous implementation only read a prefix from the configuration file if the configuration value was too long and forgot to terminate the string with a NUL character. Return 0 if the string is too long instead. Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
-rw-r--r--src/config.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/config.c b/src/config.c
index 3221f23..8dbfa31 100644
--- a/src/config.c
+++ b/src/config.c
@@ -162,7 +162,12 @@ static int config_parse_int(int *dest, const char *val)
static int config_parse_str(char *dest, const char *val)
{
- strncpy(dest, val, BUFSIZ);
+ int len = strlen(val);
+
+ if (len >= BUFSIZ)
+ return 0;
+
+ memcpy(dest, val, len + 1);
return 1;
}