1
0
mirror of https://github.com/Llewellynvdm/conky.git synced 2024-11-16 18:15:17 +00:00

Replace vulnerable functions with safer alternatives

This commit is contained in:
Mithil Poojary 2020-10-03 05:07:48 +05:30 committed by Brenden Matthews
parent 6bda01266b
commit 0a4eb8fda5
8 changed files with 22 additions and 17 deletions

View File

@ -168,17 +168,18 @@ void exec_cb::work() {
// remove backspaced chars, example: "dog^H^H^Hcat" becomes "cat"
// string has to end with \0 and it's length should fit in a int
#define BACKSPACE 8
static void remove_deleted_chars(char *string) {
static void remove_deleted_chars(char *string, unsigned int p_max_size) {
int i = 0;
while (string[i] != 0) {
if (string[i] == BACKSPACE) {
if (i != 0) {
strcpy(&(string[i - 1]), &(string[i + 1]));
strncpy(&(string[i - 1]), &(string[i + 1]),
strnlen(string, p_max_size) - i + 1);
i--;
} else {
strcpy(
&(string[i]),
&(string[i + 1])); // necessary for ^H's at the start of a string
strncpy(&(string[i]), &(string[i + 1]),
strnlen(string, p_max_size) -
i); // necessary for ^H's at the start of a string
}
} else {
i++;
@ -229,7 +230,7 @@ void fill_p(const char *buffer, struct text_object *obj, char *p,
snprintf(p, p_max_size, "%s", buffer);
}
remove_deleted_chars(p);
remove_deleted_chars(p, p_max_size);
}
/**

View File

@ -59,7 +59,8 @@ void addmessage(struct ctx *ctxptr, char *nick, const char *text) {
struct ll_text *lastmsg = ctxptr->messages;
struct ll_text *newmsg = (struct ll_text *)malloc(sizeof(struct ll_text));
newmsg->text = (char *)malloc(strlen(nick) + strlen(text) + 4); // 4 = ": \n"
sprintf(newmsg->text, "%s: %s\n", nick, text);
snprintf(newmsg->text, strlen(nick) + strlen(text) + 4, "%s: %s\n", nick,
text);
newmsg->next = nullptr;
int msgcnt = 1;
if (!lastmsg) {
@ -107,7 +108,7 @@ void ev_num(irc_session_t *session, unsigned int event, const char *,
if (event == 433) { // nick in use
int len = strlen(params[1]) + 4;
char *newnick = (char *)malloc(len);
strcpy(newnick, params[1]);
strncpy(newnick, len, params[1]);
attachment[1] += rand() % 10;
attachment[2] += rand() % 10;
strncat(newnick, attachment, len - 1);

View File

@ -580,9 +580,9 @@ void update_net_interfaces(FILE *net_dev_fp, bool is_first_update,
nullptr, NULL);
ns2->addr = ((struct ifreq *)conf.ifc_buf)[k].ifr_ifru.ifru_addr;
char temp_addr[18];
sprintf(temp_addr, "%u.%u.%u.%u, ", ns2->addr.sa_data[2] & 255,
ns2->addr.sa_data[3] & 255, ns2->addr.sa_data[4] & 255,
ns2->addr.sa_data[5] & 255);
snprintf(temp_addr, sizeof(temp_addr), "%u.%u.%u.%u, ",
ns2->addr.sa_data[2] & 255, ns2->addr.sa_data[3] & 255,
ns2->addr.sa_data[4] & 255, ns2->addr.sa_data[5] & 255);
if (nullptr == strstr(ns2->addrs, temp_addr))
strncpy(ns2->addrs + strlen(ns2->addrs), temp_addr, 17);
}

View File

@ -255,7 +255,8 @@ static void update_mail_count(struct local_mail_s *mail) {
NORM_ERR("malloc");
return;
}
strcpy(mailflags, strrchr(dirent->d_name, ','));
strncpy(mailflags, strrchr(dirent->d_name, ','),
strlen(strrchr(dirent->d_name, ',')));
if (strchr(mailflags, 'T') ==
nullptr) { /* The message is not in the trash */
if (strchr(mailflags, 'S') !=

View File

@ -145,7 +145,8 @@ static void mbox_scan(char *args, char *output, size_t max_len) {
/* allowing $MAIL in the config */
if (strcmp(mbox_mail_spool, "$MAIL") == 0) {
strcpy(mbox_mail_spool, current_mail_spool.get(*state).c_str());
strncpy(mbox_mail_spool, current_mail_spool.get(*state).c_str(),
DEFAULT_TEXT_BUFFER_SIZE);
}
if (stat(mbox_mail_spool, &statbuf) != 0) {

View File

@ -298,13 +298,13 @@ void print_v6addrs(struct text_object *obj, char *p, unsigned int p_max_size) {
// netmask
if (ns->v6show_nm) {
char netmaskstr[5]; // max 5 chars (/128 + null-terminator)
sprintf(netmaskstr, "/%u", current_v6->netmask);
snprintf(netmaskstr, sizeof(netmaskstr), "/%u", current_v6->netmask);
strncat(p, netmaskstr, p_max_size);
}
// scope
if (ns->v6show_sc) {
char scopestr[4];
sprintf(scopestr, "(%c)", current_v6->scope);
snprintf(scopestr, sizeof(scopestr), "(%c)", current_v6->scope);
strncat(p, scopestr, p_max_size);
}
// next (or last) address

View File

@ -130,7 +130,7 @@ static void print_tailhead(const char *type, struct text_object *obj, char *p,
}
// use the buffer if possible
if (ht->buffer != nullptr) {
strcpy(p, ht->buffer);
strncpy(p, ht->buffer, p_max_size);
ht->current_use++;
} else { // otherwise find the needed data
if (stat(ht->logfile.c_str(), &st) == 0) {

View File

@ -84,7 +84,8 @@ static char *backslash_escape(const char *src, char **templates,
dup_len += strlen(templates[tmpl_num - 1]);
src_dup =
static_cast<char *>(realloc(src_dup, dup_len * sizeof(char)));
sprintf(src_dup + dup_idx, "%s", templates[tmpl_num - 1]);
snprintf(src_dup + dup_idx, dup_len - dup_idx, "%s",
templates[tmpl_num - 1]);
dup_idx += strlen(templates[tmpl_num - 1]);
p += digits;
}