| commit | 3c323e1e9a5962b128100d0bb878b5c9894b3d98 | |
| author | Carlos R. Mafra <crmafra@gmail.com> | |
| Sun, 9 Nov 2008 19:18:05 +0000 (9 20:18 +0100) | ||
| committer | Carlos R. Mafra <crmafra@gmail.com> | |
| Sun, 9 Nov 2008 19:18:05 +0000 (9 20:18 +0100) | ||
| tree | 2585984bac6ecb06ffaf72729093da3dd09f4e7e | treesnapshot (tar.gz zip) |
| parent | 06f59b99282221ee57c7522fee82e757d50258a1 | commitdiff |
Fix buffer overflows in shortcut and workspace name handling
The handling of user defined shortcuts was not checking the length
of the shortcut before copying it to a fixed-length temporary buffer,
char buf[128];
strcpy(buf, shortcutDefinition);
and strcpy() is well known for not checking if overflows will occur.
In particular, wmaker was crashing here if a big 'shortcut' was defined
either through WPrefs or by directly editing the configuration files.
This is now avoided by using strncpy() instead.
And this patch also fixes a similar buffer overflow for big workspace
names too.
Furthermore, use MAX_SHORTCUT_LENGTH instead of raw number and define
it to be 32 instead of 128.
The handling of user defined shortcuts was not checking the length
of the shortcut before copying it to a fixed-length temporary buffer,
char buf[128];
strcpy(buf, shortcutDefinition);
and strcpy() is well known for not checking if overflows will occur.
In particular, wmaker was crashing here if a big 'shortcut' was defined
either through WPrefs or by directly editing the configuration files.
This is now avoided by using strncpy() instead.
And this patch also fixes a similar buffer overflow for big workspace
names too.
Furthermore, use MAX_SHORTCUT_LENGTH instead of raw number and define
it to be 32 instead of 128.
| src/defaults.c | diffblobblamehistory | |
| src/rootmenu.c | diffblobblamehistory | |
| src/usermenu.c | diffblobblamehistory | |
| src/workspace.c | diffblobblamehistory |