From 6521d8cc0aaf82d6f3d707af4c182f30b7623f74 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@calcurse.org>
Date: Sun, 3 Sep 2017 09:28:27 +0200
Subject: Use strncpy() properly in general_option_edit()

Always use strncpy() to copy strings between fixed-size buffers and pass
the buffer size as maximal length parameter.

Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
---
 src/custom.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/custom.c b/src/custom.c
index f83a87a..7e75e51 100644
--- a/src/custom.c
+++ b/src/custom.c
@@ -739,11 +739,11 @@ static void general_option_edit(int i)
 		break;
 	case OUTPUT_DATE_FMT:
 		status_mesg(output_datefmt_str, "");
-		strncpy(buf, conf.output_datefmt,
-			strlen(conf.output_datefmt) + 1);
+		strncpy(buf, conf.output_datefmt, BUFSIZ);
+		buf[BUFSIZ - 1] = '\0';
 		if (updatestring(win[STA].p, &buf, 0, 1) == 0) {
-			strncpy(conf.output_datefmt, buf,
-				strlen(buf) + 1);
+			strncpy(conf.output_datefmt, buf, BUFSIZ);
+			conf.output_datefmt[BUFSIZ - 1] = '\0';
 		}
 		break;
 	case INPUT_DATE_FMT:
@@ -755,9 +755,11 @@ static void general_option_edit(int i)
 		break;
 	case DAY_HEADING_FMT:
 		status_mesg(output_datefmt_str, "");
-		strcpy(buf, conf.day_heading);
+		strncpy(buf, conf.day_heading, BUFSIZ);
+		buf[BUFSIZ - 1] = '\0';
 		if (updatestring(win[STA].p, &buf, 0, 1) == 0) {
-			strcpy(conf.day_heading, buf);
+			strncpy(conf.day_heading, buf, BUFSIZ);
+			conf.output_datefmt[BUFSIZ - 1] = '\0';
 		}
 		break;
 	}
-- 
cgit v1.2.3-70-g09d2