Corrected possible buffer overruns in included programs and examples.
Reported by Pedro Ribeiro <pedrib@gmail.com>.
exit (1);
}
- len = MIN (pin_max, strlen (password));
+ len = 1 + MIN (pin_max, strlen (password));
memcpy (pin, password, len);
pin[len] = 0;
exit (1);
}
- len = MIN (pin_max, strlen (password));
+ len = 1 + MIN (pin_max, strlen (password));
memcpy (pin, password, len);
pin[len] = 0;
/* cache */
- strcpy (cached_pin, pin);
+ if (len < sizeof(cached_pin))
+ {
+ memcpy (cached_pin, pin, len);
+ cached_pin[len] = 0;
+ }
+ else
+ cached_pin[0] = 0;
+
free (cached_url);
if (token_url)
cached_url = strdup (token_url);
FILE *fd2;
int put;
- if (strlen (passwd_file) > sizeof (tmpname) + 5)
+ if (strlen (passwd_file) + 5 > sizeof (tmpname))
{
fprintf (stderr, "file '%s' is tooooo long\n", passwd_file);
return -1;
}
- strcpy (tmpname, passwd_file);
- strcat (tmpname, ".tmp");
+
+ snprintf (tmpname, sizeof(tmpname), "%s.tmp", passwd_file);
if (stat (tmpname, &st) != -1)
{
FILE *fd2;
int put;
- if (strlen (tpasswd) > sizeof (tmpname) + 5)
+ if (strlen (tpasswd) + 5 > sizeof (tmpname))
{
fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
return -1;
}
- strcpy (tmpname, tpasswd);
- strcat (tmpname, ".tmp");
+
+ snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
if (stat (tmpname, &st) != -1)
{