cedric pushed a commit to branch master.
http://git.enlightenment.org/core/efl.git/commit/?id=9348a84aa0200c634dfea0aecf2f4db1672aefa2
commit 9348a84aa0200c634dfea0aecf2f4db1672aefa2
Author: Prateek Thakur <prateek...@samsung.com>
Date: Fri Aug 19 16:12:41 2016 -0700
ecore_con: add '\0' termination to path.
Summary:
Copying from string 'buf' of length 4095 to '&socket_unix.sun_path[0]'
may form a non-terminated C string of size 108. So added null termination.
Signed-off-by: Prateek Thakur <prateek...@samsung.com>
Reviewers: cedric, thiepha
Subscribers: jpeg
Differential Revision: https://phab.enlightenment.org/D4247
Signed-off-by: Cedric BAIL <ced...@osg.samsung.com>
---
src/lib/ecore_con/ecore_con_local.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lib/ecore_con/ecore_con_local.c
b/src/lib/ecore_con/ecore_con_local.c
index 243584b..1453ea1 100644
--- a/src/lib/ecore_con/ecore_con_local.c
+++ b/src/lib/ecore_con/ecore_con_local.c
@@ -170,7 +170,8 @@ ecore_con_local_connect(Ecore_Con_Server *obj,
}
else
{
- strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path));
+ strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1);
+ socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0';
socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix);
}
@@ -330,7 +331,8 @@ start:
else
{
abstract_socket = EINA_FALSE;
- strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path));
+ strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1);
+ socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0';
socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix);
}
--
