diff options
author | TingPing <tingping@tingping.se> | 2014-12-10 09:32:16 -0500 |
---|---|---|
committer | TingPing <tingping@tingping.se> | 2014-12-10 09:32:16 -0500 |
commit | 10246f121a9dfb1fe38012aa92324ac6050822a2 (patch) | |
tree | af15e7f6931dbe346c1d6fdef8a2cf7d539e7984 /src | |
parent | 025152ee53b56861e9738b2218743af28c5f1e45 (diff) |
Fix unsafe string handling in configs
Also fixes 2 leaks
Diffstat (limited to 'src')
-rw-r--r-- | src/common/cfgfiles.c | 32 | ||||
-rw-r--r-- | src/fe-gtk/servlistgui.c | 8 |
2 files changed, 21 insertions, 19 deletions
diff --git a/src/common/cfgfiles.c b/src/common/cfgfiles.c index 069ca70b..eda24f6b 100644 --- a/src/common/cfgfiles.c +++ b/src/common/cfgfiles.c @@ -855,34 +855,36 @@ load_default_config(void) #else if (g_get_user_special_dir (G_USER_DIRECTORY_DOWNLOAD)) { - strcpy (prefs.hex_dcc_dir, g_get_user_special_dir (G_USER_DIRECTORY_DOWNLOAD)); + safe_strcpy (prefs.hex_dcc_dir, g_get_user_special_dir (G_USER_DIRECTORY_DOWNLOAD), sizeof(prefs.hex_dcc_dir)); } else { - strcpy (prefs.hex_dcc_dir, g_build_filename (g_get_home_dir (), "Downloads", NULL)); + char *download_dir = g_build_filename (g_get_home_dir (), "Downloads", NULL); + safe_strcpy (prefs.hex_dcc_dir, download_dir, sizeof(prefs.hex_dcc_dir)); + g_free (download_dir); } #endif strcpy (prefs.hex_gui_ulist_doubleclick, "QUERY %s"); strcpy (prefs.hex_input_command_char, "/"); - strcpy (prefs.hex_irc_logmask, g_build_filename ("%n", "%c.log", NULL)); - strcpy (prefs.hex_irc_nick1, username); - strcpy (prefs.hex_irc_nick2, username); - strcat (prefs.hex_irc_nick2, "_"); - strcpy (prefs.hex_irc_nick3, username); - strcat (prefs.hex_irc_nick3, "__"); + strcpy (prefs.hex_irc_logmask, "%n"G_DIR_SEPARATOR_S"%c.log"); + safe_strcpy (prefs.hex_irc_nick1, username, sizeof(prefs.hex_irc_nick1)); + safe_strcpy (prefs.hex_irc_nick2, username, sizeof(prefs.hex_irc_nick2)); + g_strlcat (prefs.hex_irc_nick2, "_", sizeof(prefs.hex_irc_nick2)); + safe_strcpy (prefs.hex_irc_nick3, username, sizeof(prefs.hex_irc_nick3)); + g_strlcat (prefs.hex_irc_nick3, "__", sizeof(prefs.hex_irc_nick3)); strcpy (prefs.hex_irc_no_hilight, "NickServ,ChanServ,InfoServ,N,Q"); - strcpy (prefs.hex_irc_part_reason, _("Leaving")); - strcpy (prefs.hex_irc_quit_reason, prefs.hex_irc_part_reason); - strcpy (prefs.hex_irc_real_name, realname); - strcpy (prefs.hex_irc_user_name, username); + safe_strcpy (prefs.hex_irc_part_reason, _("Leaving"), sizeof(prefs.hex_irc_part_reason)); + safe_strcpy (prefs.hex_irc_quit_reason, prefs.hex_irc_part_reason, sizeof(prefs.hex_irc_quit_reason)); + safe_strcpy (prefs.hex_irc_real_name, realname, sizeof(prefs.hex_irc_real_name)); + safe_strcpy (prefs.hex_irc_user_name, username, sizeof(prefs.hex_irc_user_name)); strcpy (prefs.hex_stamp_log_format, "%b %d %H:%M:%S "); strcpy (prefs.hex_stamp_text_format, "[%H:%M:%S] "); font = fe_get_default_font (); if (font) { - strcpy (prefs.hex_text_font, font); - strcpy (prefs.hex_text_font_main, font); + safe_strcpy (prefs.hex_text_font, font, sizeof(prefs.hex_text_font)); + safe_strcpy (prefs.hex_text_font_main, font, sizeof(prefs.hex_text_font_main)); } else { @@ -892,7 +894,7 @@ load_default_config(void) strcpy (prefs.hex_text_font_alternative, DEF_FONT_ALTER); langs = get_default_spell_languages (); - strcpy (prefs.hex_text_spell_langs, langs); + safe_strcpy (prefs.hex_text_spell_langs, langs, sizeof(prefs.hex_text_spell_langs)); /* private variables */ diff --git a/src/fe-gtk/servlistgui.c b/src/fe-gtk/servlistgui.c index f43a225a..6117899d 100644 --- a/src/fe-gtk/servlistgui.c +++ b/src/fe-gtk/servlistgui.c @@ -960,10 +960,10 @@ servlist_savegui (void) if (!rfc_casecmp (nick1, nick2)) return 2; - strcpy (prefs.hex_irc_nick1, nick1); - strcpy (prefs.hex_irc_nick2, nick2); - strcpy (prefs.hex_irc_nick3, gtk_entry_get_text (GTK_ENTRY (entry_nick3))); - strcpy (prefs.hex_irc_user_name, gtk_entry_get_text (GTK_ENTRY (entry_guser))); + safe_strcpy (prefs.hex_irc_nick1, nick1, sizeof(prefs.hex_irc_nick1)); + safe_strcpy (prefs.hex_irc_nick2, nick2, sizeof(prefs.hex_irc_nick2)); + safe_strcpy (prefs.hex_irc_nick3, gtk_entry_get_text (GTK_ENTRY (entry_nick3)), sizeof(prefs.hex_irc_nick3)); + safe_strcpy (prefs.hex_irc_user_name, gtk_entry_get_text (GTK_ENTRY (entry_guser)), sizeof(prefs.hex_irc_user_name)); sp = strchr (prefs.hex_irc_user_name, ' '); if (sp) sp[0] = 0; /* spaces will break the login */ |