Hello, I was happy to discover that WindowMaker is still alive! So please find attached my very modest contribution to the aventure.
Basically, there were some cases of "strncpy" usages that could lead to a missing NUL terminator, so this should help. Regards, Christophe
From 15105db265fb90eec4a83a6283e538d46eacbad9 Mon Sep 17 00:00:00 2001 From: Christophe CURIS <[email protected]> Date: Sun, 17 Jul 2011 02:53:04 +0200 Subject: [PATCH] Fix possible missing NUL at end of string Although this is not a security issue (buffer overflow unlikely), there is a possibility of garbage being displayed when using corresponding strings. --- WINGs/proplist.c | 2 +- WINGs/wcolorpanel.c | 3 +-- src/defaults.c | 1 + src/rootmenu.c | 1 + src/usermenu.c | 1 + src/workspace.c | 1 + 6 files changed, 6 insertions(+), 3 deletions(-) diff --git a/WINGs/proplist.c b/WINGs/proplist.c index 4121494..4620996 100644 --- a/WINGs/proplist.c +++ b/WINGs/proplist.c @@ -1677,7 +1677,7 @@ int wmkdirhier(const char *path) while (p++ < plen && thePath[p] != '/') ; - strncpy(buf, thePath, p); + strncpy(buf, thePath, p); // TODO: This is not great. No guarranty that p < sizeof(buf) if (mkdir(buf, 0777) == -1 && errno == EEXIST && stat(buf, &st) == 0 && !S_ISDIR(st.st_mode)) { werror(_("Could not create component %s"), buf); diff --git a/WINGs/wcolorpanel.c b/WINGs/wcolorpanel.c index 7ebe8ba..c86dfdd 100644 --- a/WINGs/wcolorpanel.c +++ b/WINGs/wcolorpanel.c @@ -3400,9 +3400,8 @@ char *generateNewFilename(char *curName) newName = wmalloc(baseLen + 16); strncpy(newName, curName, baseLen); - newName[baseLen] = 0; - sprintf(&newName[baseLen], " {%i}", n + 1); + snprintf(&newName[baseLen], 16, " {%i}", n + 1); return newName; } diff --git a/src/defaults.c b/src/defaults.c index 300a0bb..6aff2c9 100644 --- a/src/defaults.c +++ b/src/defaults.c @@ -2006,6 +2006,7 @@ static int getKeybind(WScreen * scr, WDefaultEntry * entry, WMPropList * value, } strncpy(buf, val, MAX_SHORTCUT_LENGTH); + buf[MAX_SHORTCUT_LENGTH-1] = '\0'; b = (char *)buf; diff --git a/src/rootmenu.c b/src/rootmenu.c index 5592f73..3419e78 100644 --- a/src/rootmenu.c +++ b/src/rootmenu.c @@ -425,6 +425,7 @@ static Bool addShortcut(char *file, char *shortcutDefinition, WMenu * menu, WMen ptr = wmalloc(sizeof(Shortcut)); strncpy(buf, shortcutDefinition, MAX_SHORTCUT_LENGTH); + buf[MAX_SHORTCUT_LENGTH-1] = '\0'; b = (char *)buf; /* get modifiers */ diff --git a/src/usermenu.c b/src/usermenu.c index 0339bbb..3195a1b 100644 --- a/src/usermenu.c +++ b/src/usermenu.c @@ -161,6 +161,7 @@ static WUserMenuData *convertShortcuts(WScreen * scr, WMPropList * shortcut) } else { strncpy(buf, WMGetFromPLString(shortcut), MAX_SHORTCUT_LENGTH); } + buf[MAX_SHORTCUT_LENGTH-1] = 0; b = (char *)buf; while ((k = strchr(b, '+')) != NULL) { diff --git a/src/workspace.c b/src/workspace.c index b726f7f..168d1f7 100644 --- a/src/workspace.c +++ b/src/workspace.c @@ -750,6 +750,7 @@ void wWorkspaceMenuUpdate(WScreen * scr, WMenu * menu) ws = menu->entry_no - 2; while (i > 0) { strncpy(title, scr->workspaces[ws]->name, MAX_WORKSPACENAME_WIDTH); + title[MAX_WORKSPACENAME_WIDTH] = 0; entry = wMenuAddCallback(menu, title, switchWSCommand, (void *)ws); entry->flags.indicator = 1; -- 1.7.2.5
