From 2e2765393e1e7538771e3fda84546155be28d8a8 Mon Sep 17 00:00:00 2001 From: Nikolas Garofil Date: Tue, 17 Jun 2008 20:44:06 +0000 Subject: [PATCH] magic nums to defines and don't check ut_name and ut_line length because it can't be larger then UT_NAMESIZE and UT_LINESIZE git-svn-id: https://conky.svn.sourceforge.net/svnroot/conky/trunk/conky1@1162 7f574dfc-610e-0410-a909-a81674777703 --- ChangeLog | 3 +++ src/users.c | 10 ++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1047029..66b1837 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ # $Id$ +2008-06-16 + * Fixed 3 bufferoverflows in a struct utmp in users.c + 2008-06-08 * Bugfix, $memgraph wasn't working and needed docs * Bugfix, $execgraph showed 0-0 instead of 0-100 values diff --git a/src/users.c b/src/users.c index b96c272..d833da7 100644 --- a/src/users.c +++ b/src/users.c @@ -40,9 +40,8 @@ static void user_name(char *ptr) setutent(); while ((usr = getutent()) != NULL) { if (usr->ut_type == USER_PROCESS) { - //TODO change the magic number 9 into a constant, does anybody know where it comes from ? - if (strlen(ptr) + (strlen(usr->ut_name) > 9 ? 9 : strlen(usr->ut_name) ) + 1 <= BUFLEN) { - strncat(ptr, usr->ut_name, 9); + if (strlen(ptr) + strlen(usr->ut_name) + 1 <= BUFLEN) { + strncat(ptr, usr->ut_name, UT_NAMESIZE); } } } @@ -67,9 +66,8 @@ static void user_term(char *ptr) setutent(); while ((usr = getutent()) != NULL) { if (usr->ut_type == USER_PROCESS) { - //TODO change the magic number 13 into a constant, does anybody know where it comes from ? - if (strlen(ptr) + (strlen(usr->ut_line) > 13 ? 13 : strlen(usr->ut_line) ) + 1 <= BUFLEN) { - strncat(ptr, usr->ut_line, 13); + if (strlen(ptr) + strlen(usr->ut_line) + 1 <= BUFLEN) { + strncat(ptr, usr->ut_line, UT_LINESIZE); } } } -- 1.7.9.5