mirror of
https://github.com/Llewellynvdm/conky.git
synced 2024-11-16 18:15:17 +00:00
Replace vulnerable functions with safer alternatives
parent
6bda01266b
commit
0a4eb8fda5
13
src/exec.cc
13
src/exec.cc
@ -168,17 +168,18 @@ void exec_cb::work() {
|
|||||||
// remove backspaced chars, example: "dog^H^H^Hcat" becomes "cat"
|
// remove backspaced chars, example: "dog^H^H^Hcat" becomes "cat"
|
||||||
// string has to end with \0 and it's length should fit in a int
|
// string has to end with \0 and it's length should fit in a int
|
||||||
#define BACKSPACE 8
|
#define BACKSPACE 8
|
||||||
static void remove_deleted_chars(char *string) {
|
static void remove_deleted_chars(char *string, unsigned int p_max_size) {
|
||||||
int i = 0;
|
int i = 0;
|
||||||
while (string[i] != 0) {
|
while (string[i] != 0) {
|
||||||
if (string[i] == BACKSPACE) {
|
if (string[i] == BACKSPACE) {
|
||||||
if (i != 0) {
|
if (i != 0) {
|
||||||
strcpy(&(string[i - 1]), &(string[i + 1]));
|
strncpy(&(string[i - 1]), &(string[i + 1]),
|
||||||
|
strnlen(string, p_max_size) - i + 1);
|
||||||
i--;
|
i--;
|
||||||
} else {
|
} else {
|
||||||
strcpy(
|
strncpy(&(string[i]), &(string[i + 1]),
|
||||||
&(string[i]),
|
strnlen(string, p_max_size) -
|
||||||
&(string[i + 1])); // necessary for ^H's at the start of a string
|
i); // necessary for ^H's at the start of a string
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
i++;
|
i++;
|
||||||
@ -229,7 +230,7 @@ void fill_p(const char *buffer, struct text_object *obj, char *p,
|
|||||||
snprintf(p, p_max_size, "%s", buffer);
|
snprintf(p, p_max_size, "%s", buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
remove_deleted_chars(p);
|
remove_deleted_chars(p, p_max_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
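Review bot: In remove_deleted_chars both new `strncpy` calls copy between overlapping parts of the same buffer (`&string[i + 1]` into `&string[i - 1]` or `&string[i]`), which is undefined behaviour for `strncpy` exactly as it was for `strcpy`, so the swap does not make the shift safe. `memmove` is the call defined for overlapping regions, e.g. `memmove(&string[i - 1], &string[i + 1], strlen(&string[i + 1]) + 1);`, and the same with `&string[i]` as destination in the else branch. Recomputing `strnlen(string, p_max_size)` on every backspace also rescans the whole buffer each time. The function body continues past the end of the hunk.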
|
@ -59,7 +59,8 @@ void addmessage(struct ctx *ctxptr, char *nick, const char *text) {
|
|||||||
struct ll_text *lastmsg = ctxptr->messages;
|
struct ll_text *lastmsg = ctxptr->messages;
|
||||||
struct ll_text *newmsg = (struct ll_text *)malloc(sizeof(struct ll_text));
|
struct ll_text *newmsg = (struct ll_text *)malloc(sizeof(struct ll_text));
|
||||||
newmsg->text = (char *)malloc(strlen(nick) + strlen(text) + 4); // 4 = ": \n"
|
newmsg->text = (char *)malloc(strlen(nick) + strlen(text) + 4); // 4 = ": \n"
|
||||||
sprintf(newmsg->text, "%s: %s\n", nick, text);
|
snprintf(newmsg->text, strlen(nick) + strlen(text) + 4, "%s: %s\n", nick,
|
||||||
|
text);
|
||||||
newmsg->next = nullptr;
|
newmsg->next = nullptr;
|
||||||
int msgcnt = 1;
|
int msgcnt = 1;
|
||||||
if (!lastmsg) {
|
if (!lastmsg) {
|
||||||
@ -107,7 +108,7 @@ void ev_num(irc_session_t *session, unsigned int event, const char *,
|
|||||||
if (event == 433) { // nick in use
|
if (event == 433) { // nick in use
|
||||||
int len = strlen(params[1]) + 4;
|
int len = strlen(params[1]) + 4;
|
||||||
char *newnick = (char *)malloc(len);
|
char *newnick = (char *)malloc(len);
|
||||||
strcpy(newnick, params[1]);
|
strncpy(newnick, len, params[1]);
|
||||||
attachment[1] += rand() % 10;
|
attachment[1] += rand() % 10;
|
||||||
attachment[2] += rand() % 10;
|
attachment[2] += rand() % 10;
|
||||||
strncat(newnick, attachment, len - 1);
|
strncat(newnick, attachment, len - 1);
|
||||||
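Review bot: In ev_num the new call `strncpy(newnick, len, params[1]);` has its second and third arguments swapped; `strncpy` takes (dest, src, n), so as written it should not compile, and if it did the integer would be used as the source pointer. It should read `strncpy(newnick, params[1], len);`, or `snprintf(newnick, len, "%s", params[1]);`. The unchanged `strncat(newnick, attachment, len - 1)` below it passes a buffer size where strncat expects the maximum number of characters to append; `len - strlen(newnick) - 1` is the matching bound. In addmessage, earlier in this section, neither `malloc` result is checked before `newmsg->text` is written.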
|
@ -580,9 +580,9 @@ void update_net_interfaces(FILE *net_dev_fp, bool is_first_update,
|
|||||||
nullptr, NULL);
|
nullptr, NULL);
|
||||||
ns2->addr = ((struct ifreq *)conf.ifc_buf)[k].ifr_ifru.ifru_addr;
|
ns2->addr = ((struct ifreq *)conf.ifc_buf)[k].ifr_ifru.ifru_addr;
|
||||||
char temp_addr[18];
|
char temp_addr[18];
|
||||||
sprintf(temp_addr, "%u.%u.%u.%u, ", ns2->addr.sa_data[2] & 255,
|
snprintf(temp_addr, sizeof(temp_addr), "%u.%u.%u.%u, ",
|
||||||
ns2->addr.sa_data[3] & 255, ns2->addr.sa_data[4] & 255,
|
ns2->addr.sa_data[2] & 255, ns2->addr.sa_data[3] & 255,
|
||||||
ns2->addr.sa_data[5] & 255);
|
ns2->addr.sa_data[4] & 255, ns2->addr.sa_data[5] & 255);
|
||||||
if (nullptr == strstr(ns2->addrs, temp_addr))
|
if (nullptr == strstr(ns2->addrs, temp_addr))
|
||||||
strncpy(ns2->addrs + strlen(ns2->addrs), temp_addr, 17);
|
strncpy(ns2->addrs + strlen(ns2->addrs), temp_addr, 17);
|
||||||
}
|
}
|
||||||
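Review bot: The append on the last line of this hunk, `strncpy(ns2->addrs + strlen(ns2->addrs), temp_addr, 17);`, is left untouched and is still limited by the source length rather than by the space remaining in `ns2->addrs`. With a maximal address (`255.255.255.255, ` is 17 characters) it also copies no terminator, so the result is a valid string only if the destination was zero-filled beforehand. The size of `addrs` is not visible here; assuming it is an array member, `size_t used = strlen(ns2->addrs); snprintf(ns2->addrs + used, sizeof(ns2->addrs) - used, "%s", temp_addr);` bounds and terminates the append. The new `snprintf` into `temp_addr` itself fits: 17 characters plus the terminator in 18 bytes.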
|
@ -255,7 +255,8 @@ static void update_mail_count(struct local_mail_s *mail) {
|
|||||||
NORM_ERR("malloc");
|
NORM_ERR("malloc");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
strcpy(mailflags, strrchr(dirent->d_name, ','));
|
strncpy(mailflags, strrchr(dirent->d_name, ','),
|
||||||
|
strlen(strrchr(dirent->d_name, ',')));
|
||||||
if (strchr(mailflags, 'T') ==
|
if (strchr(mailflags, 'T') ==
|
||||||
nullptr) { /* The message is not in the trash */
|
nullptr) { /* The message is not in the trash */
|
||||||
if (strchr(mailflags, 'S') !=
|
if (strchr(mailflags, 'S') !=
|
||||||
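Review bot: The new `strncpy(mailflags, strrchr(dirent->d_name, ','), strlen(strrchr(dirent->d_name, ',')));` passes the source length as the limit, so the terminating NUL is never copied and the `strchr(mailflags, 'T')` that follows can read past the end of the allocation unless the buffer happened to be zeroed. The limit should come from the size `mailflags` was allocated with (the allocation is above the hunk), or at least include the terminator with `strlen(...) + 1`. `strrchr` also returns a null pointer when the name contains no comma; if that is not ruled out before the hunk, take the result once, `const char *flags = strrchr(dirent->d_name, ',');`, and check it before copying.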
|
@ -145,7 +145,8 @@ static void mbox_scan(char *args, char *output, size_t max_len) {
|
|||||||
|
|
||||||
/* allowing $MAIL in the config */
|
/* allowing $MAIL in the config */
|
||||||
if (strcmp(mbox_mail_spool, "$MAIL") == 0) {
|
if (strcmp(mbox_mail_spool, "$MAIL") == 0) {
|
||||||
strcpy(mbox_mail_spool, current_mail_spool.get(*state).c_str());
|
strncpy(mbox_mail_spool, current_mail_spool.get(*state).c_str(),
|
||||||
|
DEFAULT_TEXT_BUFFER_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (stat(mbox_mail_spool, &statbuf) != 0) {
|
if (stat(mbox_mail_spool, &statbuf) != 0) {
|
||||||
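Review bot: `strncpy(mbox_mail_spool, ..., DEFAULT_TEXT_BUFFER_SIZE)` leaves `mbox_mail_spool` without a terminator when the configured spool path is DEFAULT_TEXT_BUFFER_SIZE bytes or longer, and the `stat(mbox_mail_spool, &statbuf)` right after it then reads an unterminated buffer. `snprintf(mbox_mail_spool, DEFAULT_TEXT_BUFFER_SIZE, "%s", current_mail_spool.get(*state).c_str());` truncates and always terminates. This assumes the buffer really is DEFAULT_TEXT_BUFFER_SIZE bytes, which the hunk does not show. The same applies to `strncpy(p, ht->buffer, p_max_size);` in print_tailhead further down.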
|
@ -298,13 +298,13 @@ void print_v6addrs(struct text_object *obj, char *p, unsigned int p_max_size) {
|
|||||||
// netmask
|
// netmask
|
||||||
if (ns->v6show_nm) {
|
if (ns->v6show_nm) {
|
||||||
char netmaskstr[5]; // max 5 chars (/128 + null-terminator)
|
char netmaskstr[5]; // max 5 chars (/128 + null-terminator)
|
||||||
sprintf(netmaskstr, "/%u", current_v6->netmask);
|
snprintf(netmaskstr, sizeof(netmaskstr), "/%u", current_v6->netmask);
|
||||||
strncat(p, netmaskstr, p_max_size);
|
strncat(p, netmaskstr, p_max_size);
|
||||||
}
|
}
|
||||||
// scope
|
// scope
|
||||||
if (ns->v6show_sc) {
|
if (ns->v6show_sc) {
|
||||||
char scopestr[4];
|
char scopestr[4];
|
||||||
sprintf(scopestr, "(%c)", current_v6->scope);
|
snprintf(scopestr, sizeof(scopestr), "(%c)", current_v6->scope);
|
||||||
strncat(p, scopestr, p_max_size);
|
strncat(p, scopestr, p_max_size);
|
||||||
}
|
}
|
||||||
// next (or last) address
|
// next (or last) address
|
||||||
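Review bot: The two unchanged `strncat(p, ..., p_max_size)` calls still pass the full buffer size as the limit, but strncat's third argument is the maximum number of characters to append, not the size of the destination, so they can write past the end of `p` when it is already nearly full. The matching bound is `strncat(p, netmaskstr, p_max_size - strlen(p) - 1);`, and likewise for `scopestr`, provided `p` is known to be terminated within `p_max_size`. The new `snprintf` calls fit their buffers for the formats shown (`/128` and `(c)` plus terminator).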
|
@ -130,7 +130,7 @@ static void print_tailhead(const char *type, struct text_object *obj, char *p,
|
|||||||
}
|
}
|
||||||
// use the buffer if possible
|
// use the buffer if possible
|
||||||
if (ht->buffer != nullptr) {
|
if (ht->buffer != nullptr) {
|
||||||
strcpy(p, ht->buffer);
|
strncpy(p, ht->buffer, p_max_size);
|
||||||
ht->current_use++;
|
ht->current_use++;
|
||||||
} else { // otherwise find the needed data
|
} else { // otherwise find the needed data
|
||||||
if (stat(ht->logfile.c_str(), &st) == 0) {
|
if (stat(ht->logfile.c_str(), &st) == 0) {
|
||||||
|
@ -84,7 +84,8 @@ static char *backslash_escape(const char *src, char **templates,
|
|||||||
dup_len += strlen(templates[tmpl_num - 1]);
|
dup_len += strlen(templates[tmpl_num - 1]);
|
||||||
src_dup =
|
src_dup =
|
||||||
static_cast<char *>(realloc(src_dup, dup_len * sizeof(char)));
|
static_cast<char *>(realloc(src_dup, dup_len * sizeof(char)));
|
||||||
sprintf(src_dup + dup_idx, "%s", templates[tmpl_num - 1]);
|
snprintf(src_dup + dup_idx, dup_len - dup_idx, "%s",
|
||||||
|
templates[tmpl_num - 1]);
|
||||||
dup_idx += strlen(templates[tmpl_num - 1]);
|
dup_idx += strlen(templates[tmpl_num - 1]);
|
||||||
p += digits;
|
p += digits;
|
||||||
}
|
}
|
||||||
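Review bot: The `realloc` result is assigned straight back to `src_dup` and never checked, so on failure the old block is leaked and the new `snprintf` writes through a null pointer. Take the result in a temporary, `char *tmp = static_cast<char *>(realloc(src_dup, dup_len));`, and bail out if it is null before assigning `src_dup = tmp;`. Whether `dup_len - dup_idx` leaves room for the terminator depends on how `dup_len` is initialised above the hunk; if it does not, `snprintf` will now silently drop the template's last character instead of overflowing, so that is worth confirming.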
|