src/io.c: Avoid use of memcpy()

Use strncpy() and a proper limit, which ensures we never read more characters than the buffer can hold. Also, ensure we always null-terminate strings here. Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
author: Lukas Fleischer <calcurse@cryptocrack.de> 2011-11-11 12:00:57 +0100
committer: Lukas Fleischer <calcurse@cryptocrack.de> 2011-11-11 12:18:16 +0100
commit: 5e4db62662a40fd73c911218a79bb984dc169b18 (patch)
tree: 6359da02cd8e36fb99ff2ee6208e2cd29dd2af3f /src/io.c
parent: 120f434967f069dace3aeab9a547b62b127d2c04 (diff)
download: calcurse-5e4db62662a40fd73c911218a79bb984dc169b18.tar.gz
calcurse-5e4db62662a40fd73c911218a79bb984dc169b18.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/io.c b/src/io.c
index 9dcc784..b944373 100644
--- a/src/io.c
+++ b/src/io.c
@@ -2410,7 +2410,8 @@ ical_read_event (FILE *fdi, FILE *log, unsigned *noevents, unsigned *noapoints,
   skip_alarm = 0;
   while (ical_readline (fdi, buf, lstore, lineno))
     {
-      memcpy (buf_upper, buf, strlen (buf));
+      strncpy (buf_upper, buf, BUFSIZ);
+      buf_upper[BUFSIZ - 1] = '\0';
       str_toupper (buf_upper);
 
       if (skip_alarm)
@@ -2594,7 +2595,8 @@ ical_read_todo (FILE *fdi, FILE *log, unsigned *notodos, unsigned *noskipped,
   skip_alarm = 0;
   while (ical_readline (fdi, buf, lstore, lineno))
     {
-      memcpy (buf_upper, buf, strlen (buf));
+      strncpy (buf_upper, buf, BUFSIZ);
+      buf_upper[BUFSIZ - 1] = '\0';
       str_toupper (buf_upper);
       if (skip_alarm)
         {
author	Lukas Fleischer <calcurse@cryptocrack.de>	2011-11-11 12:00:57 +0100
committer	Lukas Fleischer <calcurse@cryptocrack.de>	2011-11-11 12:18:16 +0100
commit	5e4db62662a40fd73c911218a79bb984dc169b18 (patch)
tree	6359da02cd8e36fb99ff2ee6208e2cd29dd2af3f /src/io.c
parent	120f434967f069dace3aeab9a547b62b127d2c04 (diff)
download	calcurse-5e4db62662a40fd73c911218a79bb984dc169b18.tar.gz calcurse-5e4db62662a40fd73c911218a79bb984dc169b18.zip