aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErkki Seppälä <erkki.seppala@vincit.fi>2011-01-31 14:01:57 +0200
committerUlrich Sibiller <uli42@gmx.de>2016-10-19 21:40:24 +0200
commit20470a83e3a57f936cd90856325b897fa115b9ad (patch)
treee057c8621ae78217d5cd403a41bc2514b98d80a1
parent7576f5f150ee5d6cb32ebc55d2a5b32bd642a32d (diff)
downloadnx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.gz
nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.bz2
nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.zip
XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size
Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com> Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r--nx-X11/lib/X11/XlibInt.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/nx-X11/lib/X11/XlibInt.c b/nx-X11/lib/X11/XlibInt.c
index 23717fd7f..151e521bd 100644
--- a/nx-X11/lib/X11/XlibInt.c
+++ b/nx-X11/lib/X11/XlibInt.c
@@ -3528,9 +3528,10 @@ static int _XPrintDefaultError(
ext && (ext->codes.major_opcode != event->request_code);
ext = ext->next)
;
- if (ext)
- strcpy(buffer, ext->name);
- else
+ if (ext) {
+ strncpy(buffer, ext->name, BUFSIZ);
+ buffer[BUFSIZ - 1] = '\0';
+ } else
buffer[0] = '\0';
}
(void) fprintf(fp, " (%s)\n", buffer);