Commit 1a897869 authored by Bill King's avatar Bill King
Browse files

Fix possible string overrun/overcopy situation.

parent d074a0bf
......@@ -110,8 +110,9 @@ int main(int argc, char *argv[])
perror("Cannot create creator comm socket");
doExit(3);
}
memset(&sau, 0, sizeof(sau));
sau.sun_family = AF_UNIX;
strcpy(sau.sun_path, argv[ArgSocket]);
strncpy(sau.sun_path, argv[ArgSocket], sizeof(sau.sun_path) - 1);
if (connect(qtcFd, (struct sockaddr *)&sau, sizeof(sau))) {
fprintf(stderr, "Cannot connect creator comm socket %s: %s\n", sau.sun_path, strerror(errno));
doExit(1);
......@@ -136,7 +137,8 @@ int main(int argc, char *argv[])
fseek(envFd, 0, SEEK_END);
size = ftell(envFd);
rewind(envFd);
envdata = malloc(size);
envdata = malloc(size + sizeof(char *));
envdata[size] = 0;
if (fread(envdata, 1, size, envFd) != (size_t)size) {
perror("Failed to read env file");
doExit(1);
......
......@@ -148,7 +148,8 @@ int main()
fseek(envFd, 0, SEEK_END);
size = ftell(envFd);
rewind(envFd);
env = malloc(size);
env = malloc(size + sizeof(wchar_t));
env[size] = 0;
if (fread(env, 1, size, envFd) != size) {
perror("Failed to read env file");
doExit(1);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment