Fix buffer overflows in eve.c (sf.net #3034056)

[monky] / src / template.c

diff --git a/src/template.c b/src/template.c
index b98166a..a4351fd 100644 (file)
--- a/src/template.c
+++ b/src/template.c
@@ -1,4 +1,5 @@
 /* -*- mode: c; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: t -*-
+ * vim: ts=4 sw=4 noet ai cindent syntax=c
  *
  * Conky, a system monitor, based on torsmo
  *
@@ -9,7 +10,7 @@
  * Please see COPYING for details
  *
  * Copyright (c) 2004, Hannu Saransaari and Lauri Hakkarainen
- * Copyright (c) 2005-2009 Brenden Matthews, Philip Kovacs, et. al.
+ * Copyright (c) 2005-2010 Brenden Matthews, Philip Kovacs, et. al.
  *     (see AUTHORS)
  * All rights reserved.
  *
@@ -25,8 +26,6 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
- * vim: ts=4 sw=4 noet ai cindent syntax=c
- *
  */
 #include "conky.h"
 #include "logging.h"
@@ -204,7 +203,7 @@ char *find_and_replace_templates(const char *inbuf)
                if (!(*p))
                        break;
 
-               if (strncmp(p, "$template", 9) && strncmp(p, "${template", 10)) {
+               if (strncmp(p, "$template", strlen("$template")) && strncmp(p, "${template", strlen("${template"))) {
                        *(o++) = *(p++);
                        continue;
                }
@@ -236,7 +235,8 @@ char *find_and_replace_templates(const char *inbuf)
                        }
                } else {
                        templ = p + 1;
-                       while (*p && !isspace(*p))
+                       p += strlen("$template");
+                       while (*p && isdigit(*p))
                                p++;
                        args = NULL;
                }