From 7efe03cf0552234852be6e4537c5fe0ce0c6841c Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Sat, 26 May 2018 12:03:03 +0200 Subject: Fix buffer overflow in keys_action_allkeys() Signed-off-by: Lukas Fleischer --- src/keys.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/keys.c b/src/keys.c index 8bafd66..578c973 100644 --- a/src/keys.c +++ b/src/keys.c @@ -452,18 +452,23 @@ char *keys_action_allkeys(enum key action) { llist_item_t *i; static char keystr[BUFSIZ]; - const char *CHAR_SPACE = " "; + int keystrlen = 0; + int entrylen; if (!LLIST_FIRST(&keys[action])) return NULL; keystr[0] = '\0'; LLIST_FOREACH(&keys[action], i) { - const int MAXLEN = sizeof(keystr) - 1 - strlen(keystr); - strncat(keystr, LLIST_GET_DATA(i), MAXLEN - 1); - strncat(keystr, CHAR_SPACE, 1); + entrylen = strlen(LLIST_GET_DATA(i)) + 1; + if (keystrlen + entrylen >= BUFSIZ) + break; + memcpy(keystr + keystrlen, LLIST_GET_DATA(i), entrylen - 1); + keystr[keystrlen + entrylen - 1] = ' '; + keystrlen += entrylen; } + keystr[keystrlen] = '\0'; return keystr; } -- cgit v1.2.3-70-g09d2