Fix #36: strncpy and strncat. N.B. Did NOT put this into _concat_string in pEpEngine.c, as this is VERY CLEARLY checked in the function.
authorKrista Grothoff <krista@pep-project.org>
Sun, 17 Jul 2016 23:48:45 +0200
changeset 9037a040beb4000
parent 902 e9c70ca2bed6
child 904 a3c701c6109f
Fix #36: strncpy and strncat. N.B. Did NOT put this into _concat_string in pEpEngine.c, as this is VERY CLEARLY checked in the function.
src/etpan_mime.c
src/message_api.c
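--- a/src/etpan_mime.c
+++ b/src/etpan_mime.c
@@ -755,9 +755,10 @@
         if (_type == NULL)
             return ENOMEM;
 
-        strcpy(_type, _main_type);
-        strcat(_type, "/");
-        strcat(_type, content->ct_subtype);
+        strncpy(_type, _main_type, len);
+        len -= strlen(_main_type);
+        strncat(_type, "/", len--);
+        strncat(_type, content->ct_subtype, len);
 
         if (content->ct_parameters) {
             clistiter *cur;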
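Review bot: The count passed to `strncat` here is the remaining buffer size, but `strncat` treats it as the maximum number of characters to append and then writes a terminating NUL in addition, so each bound is one byte too generous. Because `len` is unsigned, `len -= strlen(_main_type)` would wrap to a very large value if `_main_type` were ever longer than `len`, and `strncpy(_type, _main_type, len)` would leave `_type` unterminated in that same case. The allocation of `_type` and the initial value of `len` are outside the hunk, so presumably the sizes agree today and this is latent, but the new bounds then add no real protection. A single `snprintf(_type, len, "%s/%s", _main_type, content->ct_subtype)` with the result checked against `len` would bound the whole write by the destination size and always terminate. The same `strncat` counting pattern appears with `bufsize` in the first hunk of src/message_api.c.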
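--- a/src/message_api.c
+++ b/src/message_api.c
@@ -101,15 +101,22 @@
     if (longmsg == NULL)
         longmsg = "";
 
-    ptext = calloc(1, strlen(shortmsg) + strlen(longmsg) + 12);
+    size_t bufsize = strlen(shortmsg) + strlen(longmsg) + 12;
+    ptext = calloc(1, bufsize);
     assert(ptext);
     if (ptext == NULL)
         return NULL;
 
-    strcpy(ptext, "Subject: ");
-    strcat(ptext, shortmsg);
-    strcat(ptext, "\n\n");
-    strcat(ptext, longmsg);
+    strncpy(ptext, "Subject: ", bufsize);
+    bufsize -= 9;
+    
+    strncat(ptext, shortmsg, bufsize);
+    bufsize -= strlen(shortmsg);
+    
+    strncat(ptext, "\n\n", bufsize);
+    bufsize -= 2;
+    
+    strncat(ptext, longmsg, bufsize);
 
     return ptext;
 }
@@ -529,8 +536,8 @@
                         if (filename == NULL)
                             goto enomem;
 
-                        strcpy(filename, _s->filename);
-                        strcpy(filename + len, ".pgp");
+                        strncpy(filename, _s->filename, len);
+                        strncpy(filename + len, ".pgp", 5);
                     }
                     else {
                         filename = calloc(1, 20);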
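Review bot: In the second hunk, `strncpy(filename, _s->filename, len)` is bounded by `len`, which appears to be the length of the source string rather than the capacity of `filename`, so it limits nothing the old `strcpy` did not. It also copies no terminator, so the string is only terminated by the following `strncpy(filename + len, ".pgp", 5)`. The allocation of `filename` is outside the hunk, so this assumes the buffer holds at least `len + 5` bytes. If that holds, `snprintf(filename, len + 5, "%s.pgp", _s->filename)` states the destination size directly and always terminates. The enclosing block starts and ends outside the hunk.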