Remove buffer overflow by limiting argument size of encryption key and filenames.

Renaud 2014-05-27 17:28:57 +08:00
parent e9142541a9
commit 7b398855e7
1 changed files with 4 additions and 2 deletions

6
main.c

@ -234,7 +234,8 @@ int main(int argc, char **argv)
case 'k': /* -k<key> for code key */
case 'K':
cryptflag = TRUE;
strcpy(ekey, &argv[carg][2]);
strncpy( ekey, &argv[ carg][ 2], sizeof ekey - 1) ; /* max encryption pattern limited to NPAT - 1 */
ekey[ sizeof ekey - 1] = 0 ;
break;
#endif
case 'r': /* -r restrictive use */
@ -272,7 +273,8 @@ int main(int argc, char **argv)
/* set this to inactive */
bp = bfind(bname, TRUE, 0);
strcpy(bp->b_fname, argv[carg]);
strncpy( bp->b_fname, argv[ carg], NFILEN - 1) ; /* max filename length limited to NFILEN - 1 (79) */
bp->b_fname[ NFILEN - 1] = 0 ;
bp->b_active = FALSE;
if (firstfile) {
firstbp = bp;
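Review bot: Both bounded copies truncate silently, and for the `-k` case in the first hunk a key longer than `sizeof ekey - 1` is cut without any message, so the file is encrypted under a different key than the one typed and every longer key sharing that prefix becomes equivalent. The copy into `bp->b_fname` in the second hunk has the same shape: an over-long path is shortened to `NFILEN - 1` bytes, so the buffer names a file the user did not ask for, and a later save would presumably go to that shortened path. I would test the length before copying and refuse the argument, e.g. `if (strlen(&argv[carg][2]) >= sizeof ekey) { /* report "key too long" and skip */ }`, with the equivalent `strlen(argv[carg]) >= NFILEN` check for the filename. The comment on the key line names `NPAT - 1` while the code uses `sizeof ekey`; the declaration of `ekey` is outside the hunk, so that relation should be confirmed or the comment reworded. `main()` starts and ends outside both hunks.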