fix some strncat vulnerabilities (#2648)

* fix some strncat vulnerabilities

* fix mingw build

* fix

* fix

* fix windows builds

* fix mingw

* fix

* use snprintf and avoid truncation

* forgot FsString

* fix mingw

* try to fix mingw

* fix windows

* fix mingw

* fix

* fix bug

* ready

authored by

Miguel and committed by
GitHub
77902de1 048df326

+23 -13
+22 -10
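--- a/src/studio/fs.c
+++ b/src/studio/fs.c
@@ -98,7 +98,7 @@
 
 const char* tic_fs_path(tic_fs* fs, const char* name)
 {
-static char path[TICNAME_MAX];
+static char path[TICNAME_MAX+1];
 
 if(*name == '/')
 strncpy(path, name + 1, sizeof path);
@@ -232,6 +232,7 @@
 #define tic_mkdir(name) _wmkdir(name)
 #define tic_strncpy wcsncpy
 #define tic_strncat wcsncat
+#define tic_strlen wcslen
 
 #else
 
@@ -258,6 +259,7 @@
 #define tic_mkdir(name) mkdir(name, 0777)
 #define tic_strncpy strncpy
 #define tic_strncat strncat
+#define tic_strlen strlen
 
 #endif
 
@@ -361,15 +363,20 @@
 
 if ((dir = tic_opendir(pathString)) != NULL)
 {
-FsString fullPath[TICNAME_MAX];
+FsString fullPath[TICNAME_MAX] = {0};
 struct tic_stat_struct s;
-
+
 while ((ent = tic_readdir(dir)) != NULL)
 {
 if(*ent->d_name != _S('.'))
 {
-tic_strncpy(fullPath, pathString, COUNT_OF(fullPath));
-tic_strncat(fullPath, ent->d_name, COUNT_OF(fullPath) - 1);
+size_t pathLen = tic_strlen(pathString);
+size_t nameLen = tic_strlen(ent->d_name);
+
+if (pathLen + nameLen < COUNT_OF(fullPath)) {
+tic_strncpy(fullPath, pathString, COUNT_OF(fullPath));
+tic_strncat(fullPath, ent->d_name, COUNT_OF(fullPath) - pathLen - 1);
+}
 
 if(tic_stat(fullPath, &s) == 0)
 {
@@ -486,15 +493,20 @@
 
 void tic_fs_dir(tic_fs* fs, char* dir)
 {
-strncpy(dir, fs->work, TICNAME_MAX);
+snprintf(dir, TICNAME_MAX, "%s", fs->work);
 }
 
 void tic_fs_changedir(tic_fs* fs, const char* dir)
 {
-if(strlen(fs->work))
-strncat(fs->work, "/", TICNAME_MAX);
-
-strcat(fs->work, dir);
+char temp[TICNAME_MAX];
+
+if (strlen(fs->work) > 0) {
+snprintf(temp, TICNAME_MAX+1, "%s/%s", fs->work, dir);
+} else {
+snprintf(temp, TICNAME_MAX, "%s", dir);
+}
+
+strncpy(fs->work, temp, TICNAME_MAX - 1);
 
 #if defined(__TIC_WINDOWS__)
 for(char *ptr = fs->work, *end = ptr + strlen(ptr); ptr < end; ptr++)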
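Review bot: In tic_fs_changedir, `snprintf(temp, TICNAME_MAX+1, "%s/%s", fs->work, dir)` passes a size one larger than `char temp[TICNAME_MAX]`, so a joined path of TICNAME_MAX characters or more puts the terminator one byte past the end of the stack buffer. The following `strncpy(fs->work, temp, TICNAME_MAX - 1)` writes no terminator when temp is TICNAME_MAX - 1 characters or longer, and an over-long path is silently cut into a different working directory. I would bound both calls by the real buffer size and reject the over-long case: `int n = snprintf(temp, sizeof temp, "%s/%s", fs->work, dir);`, `if (n < 0 || (size_t)n >= sizeof temp) return;`, then `snprintf(fs->work, TICNAME_MAX, "%s", temp);`, assuming fs->work holds TICNAME_MAX bytes (its declaration is outside this section, and the function body continues past the end of the hunk). The directory-listing hunk has a related gap: when the new length check fails, fullPath keeps the previous entry's value and tic_stat still runs on it, so that branch needs an `else continue;`.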
+1 -3
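--- a/src/studio/net.c
+++ b/src/studio/net.c
@@ -322,9 +322,7 @@
 
 static void n3ds_net_apply_url(net_ctx *ctx, const char *url)
 {
-strncpy(ctx->url, "http://", URL_SIZE - 1);
-strncat(ctx->url, ctx->net->host, URL_SIZE - 1);
-strncat(ctx->url, url, URL_SIZE - 1);
+snprintf(ctx->url, URL_SIZE, "http://%s%s", ctx->net->host, url);
 }
 
 tic_net* tic_net_create(const char* host)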
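Review bot: The return value of `snprintf(ctx->url, URL_SIZE, "http://%s%s", ctx->net->host, url)` in n3ds_net_apply_url is ignored, so a host plus path longer than the buffer is silently cut and the request would be built for a different URL than the caller asked for. Storing the result in `int n` and adding `if (n < 0 || n >= URL_SIZE) ctx->url[0] = '\0';` would at least leave an empty URL that the caller can treat as an error; how callers react to that is not visible here. The bound also assumes ctx->url is declared with URL_SIZE elements, which is outside this hunk, so `sizeof ctx->url` would be the safer size argument if the field is an array.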