diff options
author | Ulrich Sibiller <uli42@gmx.de> | 2017-11-23 23:18:44 +0100 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2018-01-07 01:27:07 +0100 |
commit | 3de6bc7490ff6907cd0203c6143a75588458dbb9 (patch) | |
tree | 9e32622f97aad13379f19fe7305f7066c4f38cd4 /nx-X11/programs | |
parent | 4a345786c6ee3b00882f015a7ac7d1d3215c0b9f (diff) | |
download | nx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.tar.gz nx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.tar.bz2 nx-libs-3de6bc7490ff6907cd0203c6143a75588458dbb9.zip |
Dialog.c: fix possible buffer overflows
Fix write past the end of singlePath if PATH contains dirs longer than PATH_MAX.
Diffstat (limited to 'nx-X11/programs')
-rw-r--r-- | nx-X11/programs/Xserver/hw/nxagent/Display.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nx-X11/programs/Xserver/hw/nxagent/Display.c b/nx-X11/programs/Xserver/hw/nxagent/Display.c index f523dacde..d4e032046 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Display.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Display.c @@ -1842,6 +1842,13 @@ static FILE *nxagentLookForIconFile(char *iconName, const char *permission, if (end != NULL) { + if ((end - path) > sizeof(singlePath) - 1) + { + fprintf(stderr, "Warning: Path too long - ignored.\n"); + path = end + 1; + continue; + } + strncpy(singlePath, path, (unsigned long)(end - path)); singlePath[(unsigned long)(end - path)] = '\0'; @@ -1850,6 +1857,12 @@ static FILE *nxagentLookForIconFile(char *iconName, const char *permission, } else { + if (strlen(path) > sizeof(singlePath) - 1) + { + fprintf(stderr, "Error: Path too long.\n"); + return NULL; + } + strcpy(singlePath, path); breakLoop = 1; |