From 1a8978697923a95b636027ac67ae7059d81895e7 Mon Sep 17 00:00:00 2001 From: Bill King <bill.king@nokia.com> Date: Fri, 11 Jun 2010 13:38:38 +1000 Subject: [PATCH] Fix possible string overrun/overcopy situation. --- src/libs/utils/process_stub_unix.c | 6 ++++-- src/libs/utils/process_stub_win.c | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/libs/utils/process_stub_unix.c b/src/libs/utils/process_stub_unix.c index a6259ef1572..682d2a2b76a 100644 --- a/src/libs/utils/process_stub_unix.c +++ b/src/libs/utils/process_stub_unix.c @@ -110,8 +110,9 @@ int main(int argc, char *argv[]) perror("Cannot create creator comm socket"); doExit(3); } + memset(&sau, 0, sizeof(sau)); sau.sun_family = AF_UNIX; - strcpy(sau.sun_path, argv[ArgSocket]); + strncpy(sau.sun_path, argv[ArgSocket], sizeof(sau.sun_path) - 1); if (connect(qtcFd, (struct sockaddr *)&sau, sizeof(sau))) { fprintf(stderr, "Cannot connect creator comm socket %s: %s\n", sau.sun_path, strerror(errno)); doExit(1); @@ -136,7 +137,8 @@ int main(int argc, char *argv[]) fseek(envFd, 0, SEEK_END); size = ftell(envFd); rewind(envFd); - envdata = malloc(size); + envdata = malloc(size + sizeof(char *)); + envdata[size] = 0; if (fread(envdata, 1, size, envFd) != (size_t)size) { perror("Failed to read env file"); doExit(1); diff --git a/src/libs/utils/process_stub_win.c b/src/libs/utils/process_stub_win.c index f27fe33da54..0bee1640b7d 100644 --- a/src/libs/utils/process_stub_win.c +++ b/src/libs/utils/process_stub_win.c @@ -148,7 +148,8 @@ int main() fseek(envFd, 0, SEEK_END); size = ftell(envFd); rewind(envFd); - env = malloc(size); + env = malloc(size + sizeof(wchar_t)); + env[size] = 0; if (fread(env, 1, size, envFd) != size) { perror("Failed to read env file"); doExit(1); -- GitLab