Fix a buffer overflow by getting rid of all strcpy() calls

Frederic Cambus 2016-01-23 15:39:12 +01:00 committed by K Lange
parent c46d53dac6
commit e5a3a2a051


@ -49,7 +49,7 @@
* WITH THE SOFTWARE. * WITH THE SOFTWARE.
*/ */
#define _XOPEN_SOURCE 500 #define _XOPEN_SOURCE 700
#define _DARWIN_C_SOURCE 1 #define _DARWIN_C_SOURCE 1
#define _BSD_SOURCE #define _BSD_SOURCE
#define _DEFAULT_SOURCE #define _DEFAULT_SOURCE
@ -348,8 +348,7 @@ void usage(char * argv[]) {
int main(int argc, char ** argv) { int main(int argc, char ** argv) {
/* The default terminal is ANSI */ char *term = NULL;
char term[1024] = {'a','n','s','i', 0};
unsigned int k; unsigned int k;
int ttype; int ttype;
uint32_t option = 0, done = 0, sb_mode = 0; uint32_t option = 0, done = 0, sb_mode = 0;
@ -486,7 +485,7 @@ int main(int argc, char ** argv) {
/* This was a response to the TTYPE command, meaning /* This was a response to the TTYPE command, meaning
* that this should be a terminal type */ * that this should be a terminal type */
alarm(2); alarm(2);
strcpy(term, (char *)&sb[2]); term = strndup((char *)&sb[2], sizeof(sb)-2);
done++; done++;
} }
else if (sb[0] == NAWS) { else if (sb[0] == NAWS) {
@ -563,10 +562,7 @@ int main(int argc, char ** argv) {
} else { } else {
/* We are running standalone, retrieve the /* We are running standalone, retrieve the
* terminal type from the environment. */ * terminal type from the environment. */
char * nterm = getenv("TERM"); term = getenv("TERM");
if (nterm) {
strcpy(term, nterm);
}
/* Also get the number of columns */ /* Also get the number of columns */
struct winsize w; struct winsize w;
@ -575,6 +571,10 @@ int main(int argc, char ** argv) {
terminal_height = w.ws_row; terminal_height = w.ws_row;
} }
/* Default ttype */
ttype = 2;
if (term) {
/* Convert the entire terminal string to lower case */ /* Convert the entire terminal string to lower case */
for (k = 0; k < strlen(term); ++k) { for (k = 0; k < strlen(term); ++k) {
term[k] = tolower(term[k]); term[k] = tolower(term[k]);
@ -603,8 +603,7 @@ int main(int argc, char ** argv) {
ttype = 7; /* No color support, only 40 columns */ ttype = 7; /* No color support, only 40 columns */
} else if (!strncmp(term, "st", 2)) { } else if (!strncmp(term, "st", 2)) {
ttype = 1; /* suckless simple terminal is xterm-256color-compatible */ ttype = 1; /* suckless simple terminal is xterm-256color-compatible */
} else { }
ttype = 2; /* Everything else */
} }
int always_escape = 0; /* Used for text mode */ int always_escape = 0; /* Used for text mode */
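Review bot: In the standalone branch, `term = getenv("TERM");` makes `term` point at the environment string itself, and the lowercase loop further down (`term[k] = tolower(term[k]);`) then writes through that pointer; the C standard says the string returned by getenv() must not be modified. Copying it first keeps the loop on memory the program owns: `char *nterm = getenv("TERM"); if (nterm) term = strdup(nterm);`. That also gives `term` one ownership rule, since in the telnet branch it is heap memory from `strndup()`. In that branch the previous pointer is not freed before reassignment, so a second TTYPE response from the remote client would leak the first copy; the surrounding loop is outside the hunks, so this is inferred. The bound `sizeof(sb)-2` is only correct if `sb` is declared as an array rather than a pointer, which the visible lines of main() do not show.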