XlibInt: Use strncpy+zero termination instead of strcpy to enforce buffer size

Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com> Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
author: Erkki Seppälä <erkki.seppala@vincit.fi> 2011-01-31 14:01:57 +0200
committer: Ulrich Sibiller <uli42@gmx.de> 2016-10-19 21:40:24 +0200
commit: 20470a83e3a57f936cd90856325b897fa115b9ad (patch)
tree: e057c8621ae78217d5cd403a41bc2514b98d80a1 /nx-X11/lib
parent: 7576f5f150ee5d6cb32ebc55d2a5b32bd642a32d (diff)
download: nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.gz
nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.bz2
nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/nx-X11/lib/X11/XlibInt.c b/nx-X11/lib/X11/XlibInt.c
index 23717fd7f..151e521bd 100644
--- a/nx-X11/lib/X11/XlibInt.c
+++ b/nx-X11/lib/X11/XlibInt.c
@@ -3528,9 +3528,10 @@ static int _XPrintDefaultError(
 	     ext && (ext->codes.major_opcode != event->request_code);
 	     ext = ext->next)
 	  ;
-	if (ext)
-	    strcpy(buffer, ext->name);
-	else
+	if (ext) {
+	    strncpy(buffer, ext->name, BUFSIZ);
+	    buffer[BUFSIZ - 1] = '\0';
+        } else
 	    buffer[0] = '\0';
     }
     (void) fprintf(fp, " (%s)\n", buffer);
author	Erkki Seppälä <erkki.seppala@vincit.fi>	2011-01-31 14:01:57 +0200
committer	Ulrich Sibiller <uli42@gmx.de>	2016-10-19 21:40:24 +0200
commit	20470a83e3a57f936cd90856325b897fa115b9ad (patch)
tree	e057c8621ae78217d5cd403a41bc2514b98d80a1 /nx-X11/lib
parent	7576f5f150ee5d6cb32ebc55d2a5b32bd642a32d (diff)
download	nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.gz nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.tar.bz2 nx-libs-20470a83e3a57f936cd90856325b897fa115b9ad.zip