path: root/src/ical.c
diff options
authorLukas Fleischer <calcurse@cryptocrack.de>2012-02-18 15:40:01 +0100
committerLukas Fleischer <calcurse@cryptocrack.de>2012-02-18 16:00:18 +0100
commitc17b535a33f9388e7eb183c3e1a0971259f4a5e6 (patch)
tree130e17a2b5abd48fd478f30ccf096e00ce5e6dfc /src/ical.c
parent9a8ea7ff91486b53511d49a1b1bb44d48a549018 (diff)
Fix up strncat() usage
The last argument to strncat() should not be the total buffer length; it should be the space remaining: The strncat() function shall append not more than n bytes (a null byte and bytes that follow it are not appended) from the array pointed to by s2 to the end of the string pointed to by s1. The initial byte of s2 overwrites the null byte at the end of s1. A terminating null byte is always appended to the result. This patch fixes a couple of potential buffer overflow vulnerabilities. Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
Diffstat (limited to 'src/ical.c')
1 files changed, 1 insertions, 2 deletions
diff --git a/src/ical.c b/src/ical.c
index 4360a76..ac158fc 100644
--- a/src/ical.c
+++ b/src/ical.c
@@ -447,8 +447,7 @@ ical_readline (FILE *fdi, char *buf, char *lstore, unsigned *ln)
*eol = '\0';
if (*lstore != SPACE && *lstore != TAB)
- strncat (buf, lstore + 1, BUFSIZ);
- buf[BUFSIZ - 1] = '\0';
+ strncat (buf, lstore + 1, BUFSIZ - strlen (buf) - 1);