magic nums to defines and don't check ut_name and ut_line length because it can't...

git-svn-id: https://conky.svn.sourceforge.net/svnroot/conky/trunk/conky1@1162 7f574dfc-610e-0410-a909-a81674777703

diff --git a/ChangeLog b/ChangeLog
index 1047029..66b1837 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 # $Id$
 
+2008-06-16
+       * Fixed 3 bufferoverflows in a struct utmp in users.c
+
 2008-06-08
        * Bugfix, $memgraph wasn't working and needed docs
        * Bugfix, $execgraph showed 0-0 instead of 0-100 values

diff --git a/src/users.c b/src/users.c
index b96c272..d833da7 100644 (file)
--- a/src/users.c
+++ b/src/users.c
@@ -40,9 +40,8 @@ static void user_name(char *ptr)
        setutent();
        while ((usr = getutent()) != NULL) {
                if (usr->ut_type == USER_PROCESS) {
-                       //TODO change the magic number 9 into a constant, does anybody know where it comes from ?
-                       if (strlen(ptr) + (strlen(usr->ut_name) > 9 ? 9 : strlen(usr->ut_name) ) + 1 <= BUFLEN) {
-                               strncat(ptr, usr->ut_name, 9);
+                       if (strlen(ptr) + strlen(usr->ut_name) + 1 <= BUFLEN) {
+                               strncat(ptr, usr->ut_name, UT_NAMESIZE);
                        }
                }
        }
@@ -67,9 +66,8 @@ static void user_term(char *ptr)
        setutent();
        while ((usr = getutent()) != NULL) {
                if (usr->ut_type == USER_PROCESS) {
-                       //TODO change the magic number 13 into a constant, does anybody know where it comes from ?
-                       if (strlen(ptr) + (strlen(usr->ut_line) > 13 ? 13 : strlen(usr->ut_line) ) + 1 <= BUFLEN) {
-                               strncat(ptr, usr->ut_line, 13);
+                       if (strlen(ptr) + strlen(usr->ut_line) + 1 <= BUFLEN) {
+                               strncat(ptr, usr->ut_line, UT_LINESIZE);
                        }
                }
        }