From 9348a84aa0200c634dfea0aecf2f4db1672aefa2 Mon Sep 17 00:00:00 2001 From: Prateek Thakur Date: Fri, 19 Aug 2016 16:12:41 -0700 Subject: [PATCH] ecore_con: add '\0' termination to path. Summary: Copying from string 'buf' of length 4095 to '&socket_unix.sun_path[0]' may form a non-terminated C string of size 108. So added null termination. Signed-off-by: Prateek Thakur Reviewers: cedric, thiepha Subscribers: jpeg Differential Revision: https://phab.enlightenment.org/D4247 Signed-off-by: Cedric BAIL --- src/lib/ecore_con/ecore_con_local.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/ecore_con/ecore_con_local.c b/src/lib/ecore_con/ecore_con_local.c index 243584b962..1453ea103c 100644 --- a/src/lib/ecore_con/ecore_con_local.c +++ b/src/lib/ecore_con/ecore_con_local.c @@ -170,7 +170,8 @@ ecore_con_local_connect(Ecore_Con_Server *obj, } else { - strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path)); + strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1); + socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0'; socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix); } @@ -330,7 +331,8 @@ start: else { abstract_socket = EINA_FALSE; - strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path)); + strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1); + socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0'; socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix); }