XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size

Possible overrun of 8192 byte fixed size buffer "buffer" by copying
"ext->name" without length checking

Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Erkki Seppälä 2011-01-31 14:01:57 +02:00 committed by Alan Coopersmith
parent e2566e43b0
commit 450e17422c


@ -1439,9 +1439,10 @@ static int _XPrintDefaultError(
ext && (ext->codes.major_opcode != event->request_code);
ext = ext->next)
;
if (ext)
strcpy(buffer, ext->name);
else
if (ext) {
strncpy(buffer, ext->name, BUFSIZ);
buffer[BUFSIZ - 1] = '\0';
} else
buffer[0] = '\0';
}
(void) fprintf(fp, " (%s)\n", buffer);
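
Review bot: In the if (ext) branch the copy is bounded by BUFSIZ rather than by the size of buffer itself, and the declaration of buffer is not part of this hunk, so the bound is only correct as long as the array is declared with exactly BUFSIZ elements. Using sizeof(buffer) for both the strncpy length and the terminator index, as in buffer[sizeof(buffer) - 1] = '\0';, would keep the limit tied to the array if its declaration ever changes (this assumes buffer is an array in this scope and not a pointer). The commit message describes an 8192 byte buffer while the code relies on BUFSIZ, which is a platform-defined constant, so the message would be more accurate if it named the macro. A single snprintf(buffer, sizeof(buffer), "%s", ext->name); would truncate and terminate in one call and avoid strncpy zero-filling the remainder of the buffer on every call.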