1
0
mirror of https://github.com/profanity-im/profanity.git synced 2024-11-03 19:37:16 -05:00

fgets: buffer size

This commit is contained in:
Peter Vilim 2015-01-07 21:37:35 -06:00
parent b298994ce7
commit 0cb548683c
3 changed files with 11 additions and 6 deletions

View File

@ -50,9 +50,6 @@
#include "log.h" #include "log.h"
#include "common.h" #include "common.h"
// assume malloc stores at most 8 bytes for size of allocated memory
// and page size is at least 4KB
#define READ_BUF_SIZE 4088
struct curl_data_t struct curl_data_t
{ {

View File

@ -59,6 +59,11 @@
#define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0])) #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
// assume malloc stores at most 8 bytes for size of allocated memory
// and page size is at least 4KB
#define READ_BUF_SIZE 4088
#define FREE_SET_NULL(resource) \ #define FREE_SET_NULL(resource) \
do { \ do { \
free(resource); \ free(resource); \

View File

@ -230,9 +230,12 @@ accounts_get_account(const char * const name)
// Evaluate as shell command to retrieve password // Evaluate as shell command to retrieve password
if (eval_password != NULL) { if (eval_password != NULL) {
FILE *stream = popen(eval_password, "r"); FILE *stream = popen(eval_password, "r");
// Limit to 100 bytes to prevent overflows in the case of a poorly chosen command // Limit to READ_BUF_SIZE bytes to prevent overflows in the case of a poorly chosen command
password = g_malloc(100); password = g_malloc(READ_BUF_SIZE);
password = fgets(password, 100, stream); gchar *result = fgets(password, READ_BUF_SIZE, stream);
if (result != NULL) {
password = result;
}
} }
gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL); gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL);