From be4fc0908f7983707ba6be77c673f9b0b83f4ee6 Mon Sep 17 00:00:00 2001 From: Martin Lund Date: Sat, 15 Jun 2024 14:59:31 +0200 Subject: [PATCH] Fix unbounded writes --- src/configfile.c | 3 +-- src/fs.c | 9 +-------- src/xymodem.c | 2 +- 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/src/configfile.c b/src/configfile.c index 10717ac..460e476 100644 --- a/src/configfile.c +++ b/src/configfile.c @@ -408,13 +408,12 @@ static char *match_and_replace(const char *str, const char *pattern, char *devic assert(pattern != NULL); assert(device != NULL); - char *string = malloc(strlen(device) + PATH_MAX); + char *string = strndup(device, PATH_MAX); if (string == NULL) { tio_debug_printf("Failure allocating string memory\n"); return NULL; } - strcpy(string, device); /* Find matches of pattern in str. For each match, replace any '%mN' in the * copy of the device string with the corresponding match subexpression and diff --git a/src/fs.c b/src/fs.c index a0d9edd..6a2063c 100644 --- a/src/fs.c +++ b/src/fs.c @@ -150,14 +150,7 @@ char* fs_search_directory(const char *dir_path, const char *dirname) // If it's a directory, check if it's the one we're looking for if (strcmp(entry->d_name, dirname) == 0) { - char* result = malloc(strlen(path) + 1); - if (result == NULL) - { - // Error allocating memory - closedir(dir); - return NULL; - } - strcpy(result, path); + char *result = strndup(path, PATH_MAX); closedir(dir); return result; } diff --git a/src/xymodem.c b/src/xymodem.c index 606093a..6bc3da3 100644 --- a/src/xymodem.c +++ b/src/xymodem.c @@ -688,7 +688,7 @@ int xymodem_send(int sio, const char *filename, modem_mode_t mode) rc = -1; if (strlen(filename) > 977) break; /* hdr block overrun */ - p = stpcpy(hdr, filename) + 1; + p = stpncpy(hdr, filename, 1024) + 1; p += sprintf(p, "%ld %lo %o", len, stat.st_mtime, stat.st_mode); if (xmodem_1k(sio, hdr, p - hdr, 0) < 0) break; /* hdr with metadata */