From 7e0963ad35e7f30d455263104badafc1bd55d2bc Mon Sep 17 00:00:00 2001
From: Allanis <allanis@saracraft.net>
Date: Fri, 14 Jun 2013 13:50:08 +0100
Subject: [PATCH] [Fix] Possible buffer overflows with strncpy.

---
 src/lephisto.c | 4 +++-
 src/lfile.c    | 4 +++-
 src/music.c    | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/lephisto.c b/src/lephisto.c
index 0bae0c9..0e26701 100644
--- a/src/lephisto.c
+++ b/src/lephisto.c
@@ -387,8 +387,10 @@ static void data_name(void) {
     return;
   }
   do {
-    if(xml_isNode(node, "name"))
+    if(xml_isNode(node, "name")) {
       strncpy(dataname, xml_get(node), DATA_NAME_LEN);
+      dataname[DATA_NAME_LEN-1] = '\0';
+    }
   } while((node = node->next));
 
   xmlFreeDoc(doc);
diff --git a/src/lfile.c b/src/lfile.c
index 298a28a..b1da45a 100644
--- a/src/lfile.c
+++ b/src/lfile.c
@@ -37,8 +37,10 @@ int lfile_dirMakeExist(char* path) {
 #ifdef LINUX
   struct stat buf;
 
-  if(strcmp(path, ".")==0)
+  if(strcmp(path, ".")==0) {
     strncpy(file, lfile_basePath(), PATH_MAX);
+    file[PATH_MAX-1] = '\0';
+  }
   else
     snprintf(file, PATH_MAX, "%s%s", lfile_basePath(), path);
   stat(file, &buf);
diff --git a/src/music.c b/src/music.c
index 12987c1..a1b5646 100644
--- a/src/music.c
+++ b/src/music.c
@@ -250,6 +250,7 @@ static int music_loadOGG(const char* filename) {
 
   // Set the new name.
   strncpy(music_vorbis.name, filename, 64);
+  music_vorbis.name[64-1] = '\0';
 
   // Load the new ogg.
   pack_open(&music_vorbis.file, DATA, filename);
@@ -285,7 +286,7 @@ static int music_find(void) {
       // Remove the prefix and suffix.
       len = strlen(files[i]) - strlen(MUSIC_SUFFIX MUSIC_PREFIX);
       strncpy(tmp, files[i]  + strlen(MUSIC_PREFIX), len);
-      tmp[len] = '\0';
+      tmp[MIN(len, 64-1)] = '\0';
 
       music_selection[nmusic_selection-1] = strdup(tmp);
     }