| commit | 65e5f452ec9c4f87636822841767f88e3cf91255 | |
| author | Christophe CURIS <christophe.curis@free.fr> | |
| Sat, 15 Nov 2014 18:40:52 +0000 (15 19:40 +0100) | ||
| committer | Carlos R. Mafra <crmafra@gmail.com> | |
| Sun, 23 Nov 2014 22:43:37 +0000 (23 22:43 +0000) | ||
| tree | 460b69aa381f3e9d4b5366d6af1a906af221e451 | treesnapshot (tar.gz zip) |
| parent | d726eaf6170d89ccd52619a27fba0c396e1687d1 | commitdiff |
wmaker: fix possible buffer overrun in readMenuPipe (Coverity #50211, #50212)
As Coverity pointed, when building the command line to execute the current
code just assumed that it would fit in the large buffer. If user were to
provide a line too long, this would crash.
Factually this is probably not possible at current time because the command
given to the function was actually already limited to the MAXLINE size when
it was read, but this may not be guaranteed in future evolution.
Better safe than sorry, so the patch implement a size check when appending
strings, using a more efficient method (strcat re-parse the destination
string from the beginning to find its end every time).
Took the opportunity to:
- not include a trailing space at the end of the command
- do not run command if it was truncated (it could be a problem) but
provide a message to the user about it, so he may fix the problem
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As Coverity pointed, when building the command line to execute the current
code just assumed that it would fit in the large buffer. If user were to
provide a line too long, this would crash.
Factually this is probably not possible at current time because the command
given to the function was actually already limited to the MAXLINE size when
it was read, but this may not be guaranteed in future evolution.
Better safe than sorry, so the patch implement a size check when appending
strings, using a more efficient method (strcat re-parse the destination
string from the beginning to find its end every time).
Took the opportunity to:
- not include a trailing space at the end of the command
- do not run command if it was truncated (it could be a problem) but
provide a message to the user about it, so he may fix the problem
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
| src/rootmenu.c | diffblobblamehistory |