fgets: buffer size

src/common.c

@@ -50,9 +50,6 @@
 #include "log.h"
 #include "common.h"
 
-// assume malloc stores at most 8 bytes for size of allocated memory
-// and page size is at least 4KB
-#define READ_BUF_SIZE 4088
 
 struct curl_data_t
 {

src/common.h

@@ -59,6 +59,11 @@
 
 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
 
+// assume malloc stores at most 8 bytes for size of allocated memory
+// and page size is at least 4KB
+#define READ_BUF_SIZE 4088
+
+
 #define FREE_SET_NULL(resource) \
 do { \
     free(resource); \

src/config/accounts.c

@@ -230,9 +230,12 @@ accounts_get_account(const char * const name)
         // Evaluate as shell command to retrieve password
         if (eval_password != NULL) {
             FILE *stream = popen(eval_password, "r");
-            // Limit to 100 bytes to prevent overflows in the case of a poorly chosen command
-            password = g_malloc(100);
-            password = fgets(password, 100, stream);
+            // Limit to READ_BUF_SIZE bytes to prevent overflows in the case of a poorly chosen command
+            password = g_malloc(READ_BUF_SIZE);
+            gchar *result = fgets(password, READ_BUF_SIZE, stream);
+            if (result != NULL) {
+                password = result;
+            }
         }
         gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL);