kwo pushed a commit to branch master. http://git.enlightenment.org/e16/e16.git/commit/?id=bf2b7fd30072c680c9e0e22e998f2781b82d303d
commit bf2b7fd30072c680c9e0e22e998f2781b82d303d
Author: Kim Woelders <[email protected]>
Date: Fri Jan 23 20:16:20 2015 +0100

Fix potential buffer overruns when using sscanf().
---
 src/aclass.c | 2 +-
 src/ipc.c | 6 +++---
 src/windowmatch.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/aclass.c b/src/aclass.c
index 8ee8db4..486e484 100644
--- a/src/aclass.c
+++ b/src/aclass.c
@@ -711,7 +711,7 @@ AclassConfigLineParse(char *s, ActionClass ** pac, Action ** paa)
 prm3[0] = '\0';
 len2 = 0;
- len = sscanf(s, "%16s %n%128s %16s", prm1, &len2, prm2, prm3);
+ len = sscanf(s, "%16s %n%127s %16s", prm1, &len2, prm2, prm3);
 if (len < 2)
 return;
diff --git a/src/ipc.c b/src/ipc.c
index 57dd87a..482d3a0 100644
--- a/src/ipc.c
+++ b/src/ipc.c
@@ -319,7 +319,7 @@ IPC_WinList(const char *params)
 if (match)
 {
 num = 0;
- sscanf(params, "%8s %n", format, &num);
+ sscanf(params, "%7s %n", format, &num);
 match += num;
 }
 if (!match || !match[0])
@@ -433,7 +433,7 @@ IpcWinop(const WinOp * wop, EWin * ewin, const char *prm)
 int a, b;
 param1[0] = param2[0] = '\0';
- sscanf(prm, "%128s %128s", param1, param2);
+ sscanf(prm, "%127s %127s", param1, param2);
 switch (wop->op)
 {
@@ -877,7 +877,7 @@ IPC_WinOps(const char *params)
 match[0] = operation[0] = '\0';
 num = 0;
- sscanf(params, "%128s %128s %n", match, operation, &num);
+ sscanf(params, "%127s %127s %n", match, operation, &num);
 p = params + num;
 if (!operation[0])
diff --git a/src/windowmatch.c b/src/windowmatch.c
index f23f29c..2c70804 100644
--- a/src/windowmatch.c
+++ b/src/windowmatch.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2000-2007 Carsten Haitzler, Geoff Harrison and various contributors
- * Copyright (C) 2005-2014 Kim Woelders
+ * Copyright (C) 2005-2015 Kim Woelders
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
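Review bot: The two `%16s` conversions for `prm1` and `prm3` in the new `sscanf()` call in AclassConfigLineParse keep their old width, while only `prm2` goes from 128 to 127. The declarations of these arrays are outside the hunk, so this is inferred from the pattern of the other changes: if `prm1` and `prm3` are 16-byte buffers, `%16s` can still store 16 characters plus the terminating NUL, one byte past the end. In that case the call should read `len = sscanf(s, "%15s %n%127s %15s", prm1, &len2, prm2, prm3);`. A short comment next to the format string, such as `/* field widths must stay at sizeof(buffer) - 1 */`, would keep the widths and declarations from drifting apart again.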
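Review bot: In IPC_WinOps the new `"%127s %127s %n"` stops the first word at 127 characters but does not discard the rest of an over-long word, so the second `%127s` reads that tail and it is treated as `operation`. The same silent split can occur between `param1` and `param2` in IpcWinop, between `prm2` and `prm3` in AclassConfigLineParse (src/aclass.c), and between `match`, `value` and `op` in WindowMatchDecode (src/windowmatch.c). These strings presumably arrive from IPC requests and configuration lines, so an over-long word is better rejected than re-tokenised. The return value of `sscanf()` is also ignored here and in IpcWinop. Assuming `match` is the 128-byte array the new width implies, a guard after the scan such as `if (strlen(match) == sizeof(match) - 1) return;` would catch it; the function body and return type lie outside the hunk, so the exit path needs confirming.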
@@ -289,7 +289,7 @@ WindowMatchDecode(const char *line)
 int err, num, w1, w2, h1, h2;
 match[0] = value[0] = op[0] = '\0';
- num = sscanf(line, "%32s %1024s %32s %n", match, value, op, &w1);
+ num = sscanf(line, "%31s %1023s %31s %n", match, value, op, &w1);
 if (num < 3)
 return;
 args = line + w1;
--
