mirror of OpenBSD xenocara tree github.com/openbsd/xenocara


Get rid of strcat() and strcpy(), fixing a potential stack overflow. With help and ok deraadt@, millert@, oga@.

matthieu b3afb49c ffca1db8

+16 -6
+16 -6
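--- a/app/ssh-askpass/resources.c
+++ b/app/ssh-askpass/resources.c
@@ -53,12 +53,22 @@
   XrmValue value;
   char *type;
   char full_name [1024], full_class [1024];
-  strcpy (full_name, progname);
-  strcat (full_name, ".");
-  strcat (full_name, res_name);
-  strcpy (full_class, progclass);
-  strcat (full_class, ".");
-  strcat (full_class, res_class);
+  int result;
+
+  result = snprintf(full_name, sizeof(full_name), "%s.%s",
+      progname, res_name);
+  if (result == -1 || result >= sizeof(full_name)) {
+    fprintf(stderr, "%s: resource name too long: %s.%s\n", progname,
+        progname, res_name);
+    return 0;
+  }
+  result = snprintf(full_class, sizeof(full_class), "%s.%s",
+      progclass, res_class);
+  if (result == -1 || result >= sizeof(full_class)) {
+    fprintf(stderr, "%s: resource name too long: %s.%s\n", progname,
+        progclass, res_class);
+    return 0;
+  }
   if (XrmGetResource (db, full_name, full_class, &type, &value))
   {
     char *str = (char *) malloc (value.size + 1);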
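Review bot: The two truncation checks compare the `int` result of snprintf() against a `size_t` without a cast, which trips -Wsign-compare and relies on the `== -1` test catching every failure, even though C only promises a negative return on error; the usual OpenBSD idiom is `if (result < 0 || (size_t)result >= sizeof(full_name)) {` and likewise `(size_t)result >= sizeof(full_class)` for the class path. The bounds themselves are right (`>=` correctly treats an exactly-full buffer as truncated), so this is a robustness and style point rather than a new overflow. The second diagnostic reads "resource name too long" while it is reporting the class string; `"%s: resource class too long: %s.%s\n"` would make the log line actionable. The function's signature is outside this hunk, so it is not visible whether `return 0` is a NULL pointer or an integer status; if it is a pointer, `return NULL;` would read clearer to callers.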