From 65c2b6d9b82bad15a63312eef96917d9c450baf8 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Sat, 26 May 2018 11:51:38 +0200 Subject: notify.c: fix several buffer overflows Signed-off-by: Lukas Fleischer --- src/notify.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/notify.c b/src/notify.c index 59e6350..886a7e6 100644 --- a/src/notify.c +++ b/src/notify.c @@ -130,9 +130,12 @@ void notify_init_vars(void) pthread_mutex_init(&nbar.mutex, NULL); nbar.show = 1; nbar.cntdwn = 300; - strncpy(nbar.datefmt, date_format, strlen(date_format) + 1); - strncpy(nbar.timefmt, time_format, strlen(time_format) + 1); - strncpy(nbar.cmd, cmd, strlen(cmd) + 1); + strncpy(nbar.datefmt, date_format, BUFSIZ); + nbar.datefmt[BUFSIZ - 1] = '\0'; + strncpy(nbar.timefmt, time_format, BUFSIZ); + nbar.timefmt[BUFSIZ - 1] = '\0'; + strncpy(nbar.cmd, cmd, BUFSIZ); + nbar.cmd[BUFSIZ - 1] = '\0'; if ((nbar.shell = getenv("SHELL")) == NULL) nbar.shell = "/bin/sh"; @@ -707,26 +710,26 @@ static void config_option_edit(int i) case 1: status_mesg(date_str, ""); pthread_mutex_lock(&nbar.mutex); - strncpy(buf, nbar.datefmt, - strlen(nbar.datefmt) + 1); + strncpy(buf, nbar.datefmt, BUFSIZ); + buf[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); if (updatestring(win[STA].p, &buf, 0, 1) == 0) { pthread_mutex_lock(&nbar.mutex); - strncpy(nbar.datefmt, buf, - strlen(buf) + 1); + strncpy(nbar.datefmt, buf, BUFSIZ); + nbar.datefmt[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); } break; case 2: status_mesg(time_str, ""); pthread_mutex_lock(&nbar.mutex); - strncpy(buf, nbar.timefmt, - strlen(nbar.timefmt) + 1); + strncpy(buf, nbar.timefmt, BUFSIZ); + buf[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); if (updatestring(win[STA].p, &buf, 0, 1) == 0) { pthread_mutex_lock(&nbar.mutex); - strncpy(nbar.timefmt, buf, - strlen(buf) + 1); + strncpy(nbar.timefmt, buf, BUFSIZ); + nbar.timefmt[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); } break; @@ -746,11 +749,13 @@ static void config_option_edit(int i) case 4: status_mesg(cmd_str, ""); pthread_mutex_lock(&nbar.mutex); - strncpy(buf, nbar.cmd, strlen(nbar.cmd) + 1); + strncpy(buf, nbar.cmd, BUFSIZ); + buf[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); if (updatestring(win[STA].p, &buf, 0, 1) == 0) { pthread_mutex_lock(&nbar.mutex); - strncpy(nbar.cmd, buf, strlen(buf) + 1); + strncpy(nbar.cmd, buf, BUFSIZ); + nbar.cmd[BUFSIZ - 1] = '\0'; pthread_mutex_unlock(&nbar.mutex); } break; -- cgit v1.2.3-70-g09d2