File 0001-fix-prevent-buffer-overflow-74.patch of Package editorconfig-core-c.13840

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-fix-prevent-buffer-overflow-74.patch of Package editorconfig-core-c.13840

From 4b8fbeb9296b3d2eb14d6c3789bd02a7ff963be7 Mon Sep 17 00:00:00 2001
From: Yoan Blanc <yoan@dosimple.ch>
Date: Thu, 27 Aug 2020 19:37:25 +0200
Subject: [PATCH] fix: prevent buffer overflow (#74)

Closes #73

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
---
 src/lib/editorconfig.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/editorconfig.c b/src/lib/editorconfig.c
index 977819f..e5262ca 100644
--- a/src/lib/editorconfig.c
+++ b/src/lib/editorconfig.c
@@ -138,7 +138,7 @@ static int array_editorconfig_name_value_add(
     int         name_value_pos;
     /* always use name_lwr but not name, since property names are case
      * insensitive */
-    char        name_lwr[MAX_PROPERTY_NAME];
+    char        name_lwr[MAX_PROPERTY_NAME+1] = {0};
     /* For the first time we came here, aenv->name_values is NULL */
     if (aenv->name_values == NULL) {
         aenv->name_values = (editorconfig_name_value*)malloc(
@@ -153,7 +153,7 @@ static int array_editorconfig_name_value_add(
 
 
     /* name_lwr is the lowercase property name */
-    strlwr(strcpy(name_lwr, name));
+    strlwr(strncpy(name_lwr, name, MAX_PROPERTY_NAME));
 
     name_value_pos = find_name_value_from_name(
             aenv->name_values, aenv->current_value_count, name_lwr);
-- 
2.25.1

Places

File 0001-fix-prevent-buffer-overflow-74.patch of Package editorconfig-core-c.13840

Places