summaryrefslogtreecommitdiff
path: root/src/note.c
diff options
context:
space:
mode:
authorLukas Fleischer <calcurse@cryptocrack.de>2012-02-18 15:40:01 +0100
committerLukas Fleischer <calcurse@cryptocrack.de>2012-02-18 16:00:18 +0100
commitc17b535a33f9388e7eb183c3e1a0971259f4a5e6 (patch)
tree130e17a2b5abd48fd478f30ccf096e00ce5e6dfc /src/note.c
parent9a8ea7ff91486b53511d49a1b1bb44d48a549018 (diff)
downloadcalcurse-c17b535a33f9388e7eb183c3e1a0971259f4a5e6.zip
Fix up strncat() usage
The last argument to strncat() should not be the total buffer length; it should be the space remaining: The strncat() function shall append not more than n bytes (a null byte and bytes that follow it are not appended) from the array pointed to by s2 to the end of the string pointed to by s1. The initial byte of s2 overwrites the null byte at the end of s1. A terminating null byte is always appended to the result. This patch fixes a couple of potential buffer overflow vulnerabilities. Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
Diffstat (limited to 'src/note.c')
-rw-r--r--src/note.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/note.c b/src/note.c
index 2686dd7..1891a5f 100644
--- a/src/note.c
+++ b/src/note.c
@@ -76,10 +76,10 @@ edit_note (char **note, char *editor)
FILE *fp;
strncpy (tmppath, get_tempdir (), BUFSIZ);
- strncat (tmppath, "/calcurse-note.", BUFSIZ);
+ strncat (tmppath, "/calcurse-note.", BUFSIZ - strlen (tmppath) - 1);
if ((tmpext = new_tempfile (tmppath, TMPEXTSIZ)) == NULL)
return;
- strncat (tmppath, tmpext, BUFSIZ);
+ strncat (tmppath, tmpext, BUFSIZ - strlen (tmppath) - 1);
mem_free (tmpext);
if (*note != NULL)