elm test config - ensure buffer does't get overfilled with lots of profs

the "let's use strncpy" brigade of course made sure to use it to "be secure" and yet still overtflow the buffer... this is a perfect lesson in DOP NOT USE strncpy unless you carefully think about the code and get it right. i mean things like: strncat(buf, profiles[i], strlen(profiles[i]) + 1); is blindly using strncpy ... and it's no better than strcpy, but mroe complex and giving the illusion of "it's safe". pay attention to your code people. please. thanks.
2018-11-07 16:14:16 +00:00 · 2018-11-07 16:14:16 +00:00 · b15772853c
parent 6359236420
commit b15772853c
1 changed files with 5 additions and 3 deletions
--- a/src/bin/elementary/test_config.c
+++ b/src/bin/elementary/test_config.c
@ -84,10 +84,12 @@ _profile_update(Evas_Object *win)
     {
        for (i = 0; i < n; i++)
          {
-             if (i >= 1) strncat(buf, ", ", 2);
-             strncat(buf, profiles[i], strlen(profiles[i]) + 1);
+             if (strlen(buf) >= (sizeof(buf) - 3)) break;
+             if (i >= 1) strcat(buf, ", ");
+             if (strlen(buf) >= (sizeof(buf) - 1 - strlen(profiles[i]))) break;
+             strcat(buf, profiles[i]);
          }
-        strncat(buf, "</b>", 4);
+        if (strlen(buf) < (sizeof(buf) - 5)) strcat(buf, "</b>");
     }
   elm_object_text_set(lb, buf);
 }