Removes a bonus unchecked strcat() call as well.
Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
---
os/connection.c | 4 ++--
os/osglue.c | 34 +++++++++++++++++++---------------
2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/os/connection.c b/os/connection.c
index 17c3384..caaa6c4 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -201,7 +201,7 @@ CreateSockets(int old_listen_count, OldListenRec
*old_listen)
if (old_listen[i].portnum != ListenPort)
continue; /* this should never happen */
else
- sprintf (portnum, "%d", old_listen[i].portnum);
+ snprintf (portnum, sizeof(portnum), "%d",
old_listen[i].portnum);
if ((ListenTransConns[ListenTransCount] =
_FontTransReopenCOTSServer (old_listen[i].trans_id,
@@ -220,7 +220,7 @@ CreateSockets(int old_listen_count, OldListenRec
*old_listen)
char port[20];
int partial;
- sprintf (port, "%d", ListenPort);
+ snprintf (port, sizeof(port), "%d", ListenPort);
if ((_FontTransMakeAllCOTSServerListeners (port, &partial,
&ListenTransCount, &ListenTransConns) >= 0) &&
diff --git a/os/osglue.c b/os/osglue.c
index cd4c268..538ab10 100644
--- a/os/osglue.c
+++ b/os/osglue.c
@@ -274,20 +274,14 @@ int
CloneMyself(void)
{
int child;
- char old_listen_arg[256];
- char *arg_ptr = old_listen_arg;
int i, j;
int lastfdesc;
- char portnum[20];
assert(!drone_server); /* a drone shouldn't hit this */
if (!CloneSelf)
return -1;
-
- old_listen_arg[0] = '\0';
-
lastfdesc = sysconf(_SC_OPEN_MAX) - 1;
if ( (lastfdesc < 0) || (lastfdesc > MAXSOCKS)) {
lastfdesc = MAXSOCKS;
@@ -312,6 +306,9 @@ CloneMyself(void)
drone_server = TRUE;
return 1;
} else { /* parent */
+ char old_listen_arg[256];
+ char portnum[8];
+
NoticeF("clone: parent revitalizing as %s\n", progname);
CloseErrors();
/* XXX should we close stdio as well? */
@@ -325,27 +322,34 @@ CloneMyself(void)
(void) close(i);
}
+ old_listen_arg[0] = '\0';
+
for (i = 0; i < ListenTransCount; i++)
{
int trans_id, fd;
char *port;
+ size_t arg_len;
if (!_FontTransGetReopenInfo (ListenTransConns[i],
&trans_id, &fd, &port))
continue;
- sprintf (arg_ptr, "%d/%d/%s", trans_id, fd, port);
- arg_ptr += strlen (arg_ptr);
- free (port);
-
- if (i < ListenTransCount - 1)
- {
- strcat (arg_ptr, ",");
- arg_ptr++;
+ arg_len = strlen(old_listen_arg);
+ if (arg_len < sizeof(old_listen_arg)) {
+ char *arg_ptr = old_listen_arg + arg_len;
+ size_t actual_len;
+ actual_len = snprintf (arg_ptr, sizeof(old_listen_arg) -
arg_len,
+ "%s%d/%d/%s", (arg_len > 0) ? "," : "",
+ trans_id, fd, port);
+ /* Ensure we don't leave a partial address if we ran out of
+ room in the buffer */
+ if (actual_len >= (sizeof(old_listen_arg) - arg_len))
+ *arg_ptr = '\0';
}
+ free (port);
}
- sprintf (portnum, "%d", ListenPort);
+ snprintf (portnum, sizeof(portnum), "%d", ListenPort);
if (*old_listen_arg != '\0')
execlp(progname, progname,
"-ls", old_listen_arg,
--
1.7.9.2
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
