summaryrefslogtreecommitdiff
path: root/src/lib/evas/common
diff options
context:
space:
mode:
authorTom Hacohen <tom@stosb.com>2016-04-08 11:34:53 +0100
committerTom Hacohen <tom@stosb.com>2016-04-08 11:34:53 +0100
commit8203c79678b4777837ce25b5d1f6fd328d4ef246 (patch)
tree13778d5ffbd2b0b71ae0e474b8e104cf539d6392 /src/lib/evas/common
parentf4f9753c201c569b1a31f0b394d9352c80a7d9d0 (diff)
Evas langauge: Prevent potential buffer overflow and clean code.
We were copying a user defined string into a fixed size buffer without doing any boundary checks. This commit fixes that. Also cleaned up similar code that was using hardcoded numbers. @fix.
Diffstat (limited to 'src/lib/evas/common')
-rw-r--r--src/lib/evas/common/language/evas_language_utils.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/evas/common/language/evas_language_utils.c b/src/lib/evas/common/language/evas_language_utils.c
index f8b38b6..ce075a1 100644
--- a/src/lib/evas/common/language/evas_language_utils.c
+++ b/src/lib/evas/common/language/evas_language_utils.c
@@ -145,8 +145,9 @@ evas_common_language_from_locale_get(void)
145 if (locale && *locale) 145 if (locale && *locale)
146 { 146 {
147 char *itr; 147 char *itr;
148 strncpy(lang, locale, 5); 148 const size_t size = sizeof(lang);
149 lang[5] = '\0'; 149 strncpy(lang, locale, size - 1);
150 lang[size - 1] = '\0';
150 itr = lang; 151 itr = lang;
151 while (*itr) 152 while (*itr)
152 { 153 {
@@ -171,6 +172,7 @@ evas_common_language_from_locale_full_get(void)
171 locale = setlocale(LC_MESSAGES, NULL); 172 locale = setlocale(LC_MESSAGES, NULL);
172 if (locale && *locale) 173 if (locale && *locale)
173 { 174 {
175 const size_t size = sizeof(lang_full);
174 size_t i; 176 size_t i;
175 for (i = 0 ; locale[i] ; i++) 177 for (i = 0 ; locale[i] ; i++)
176 { 178 {
@@ -178,6 +180,12 @@ evas_common_language_from_locale_full_get(void)
178 if ((c == '.') || (c == '@') || (c == ' ')) /* Looks like en_US.UTF8 or de_DE@euro or aa_ER UTF-8*/ 180 if ((c == '.') || (c == '@') || (c == ' ')) /* Looks like en_US.UTF8 or de_DE@euro or aa_ER UTF-8*/
179 break; 181 break;
180 } 182 }
183
184 if (i >= size)
185 {
186 i = size - 1;
187 }
188
181 strncpy(lang_full, locale, i); 189 strncpy(lang_full, locale, i);
182 lang_full[i] = '\0'; 190 lang_full[i] = '\0';
183 return lang_full; 191 return lang_full;