aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver
diff options
context:
space:
mode:
authorUlrich Sibiller <uli42@gmx.de>2017-11-23 23:18:44 +0100
committerUlrich Sibiller <uli42@gmx.de>2018-01-07 01:27:07 +0100
commit3de6bc7490ff6907cd0203c6143a75588458dbb9 (patch)
tree9e32622f97aad13379f19fe7305f7066c4f38cd4 /nx-X11/programs/Xserver
parent4a345786c6ee3b00882f015a7ac7d1d3215c0b9f (diff)
downloadnx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.tar.gz
nx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.tar.bz2
nx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.zip
Dialog.c: fix possible buffer overflows
Fix write past the end of singlePath if PATH contains dirs longer than PATH_MAX.
Diffstat (limited to 'nx-X11/programs/Xserver')
-rw-r--r--nx-X11/programs/Xserver/hw/nxagent/Display.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/nx-X11/programs/Xserver/hw/nxagent/Display.c b/nx-X11/programs/Xserver/hw/nxagent/Display.c
index f523dacde..d4e032046 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/Display.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/Display.c
@@ -1842,6 +1842,13 @@ static FILE *nxagentLookForIconFile(char *iconName, const char *permission,
if (end != NULL)
{
+ if ((end - path) > sizeof(singlePath) - 1)
+ {
+ fprintf(stderr, "Warning: Path too long - ignored.\n");
+ path = end + 1;
+ continue;
+ }
+
strncpy(singlePath, path, (unsigned long)(end - path));
singlePath[(unsigned long)(end - path)] = '\0';
@@ -1850,6 +1857,12 @@ static FILE *nxagentLookForIconFile(char *iconName, const char *permission,
}
else
{
+ if (strlen(path) > sizeof(singlePath) - 1)
+ {
+ fprintf(stderr, "Error: Path too long.\n");
+ return NULL;
+ }
+
strcpy(singlePath, path);
breakLoop = 1;