[Fix] Possible buffer overflows with strncpy.

2013-06-14 13:50:08 +01:00 · 2013-06-14 13:50:08 +01:00 · 7e0963ad35
commit 7e0963ad35
parent edd3f9cd54
3 changed files with 8 additions and 3 deletions
--- a/src/lephisto.c
+++ b/src/lephisto.c
@ -387,8 +387,10 @@ static void data_name(void) {
    return;
  }
  do {
-    if(xml_isNode(node, "name"))
+    if(xml_isNode(node, "name")) {
      strncpy(dataname, xml_get(node), DATA_NAME_LEN);
+      dataname[DATA_NAME_LEN-1] = '\0';
+    }
  } while((node = node->next));

  xmlFreeDoc(doc);
--- a/src/lfile.c
+++ b/src/lfile.c
@ -37,8 +37,10 @@ int lfile_dirMakeExist(char* path) {
 #ifdef LINUX
  struct stat buf;

-  if(strcmp(path, ".")==0)
+  if(strcmp(path, ".")==0) {
    strncpy(file, lfile_basePath(), PATH_MAX);
+    file[PATH_MAX-1] = '\0';
+  }
  else
    snprintf(file, PATH_MAX, "%s%s", lfile_basePath(), path);
  stat(file, &buf);
--- a/src/music.c
+++ b/src/music.c
@ -250,6 +250,7 @@ static int music_loadOGG(const char* filename) {

  // Set the new name.
  strncpy(music_vorbis.name, filename, 64);
+  music_vorbis.name[64-1] = '\0';

  // Load the new ogg.
  pack_open(&music_vorbis.file, DATA, filename);
@ -285,7 +286,7 @@ static int music_find(void) {
      // Remove the prefix and suffix.
      len = strlen(files[i]) - strlen(MUSIC_SUFFIX MUSIC_PREFIX);
      strncpy(tmp, files[i]  + strlen(MUSIC_PREFIX), len);
-      tmp[len] = '\0';
+      tmp[MIN(len, 64-1)] = '\0';

      music_selection[nmusic_selection-1] = strdup(tmp);
    }