diff options
author | sinanmohd <sinan@sinanmohd.com> | 2024-04-11 19:22:06 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2024-04-11 21:50:34 +0530 |
commit | d9d1a10b262c3a6ac01844002e15d1bf9ab90981 (patch) | |
tree | e0a65bbf07bb346db4fa7ed9c1509a592287bf0e /src/libnpass | |
parent | e7fa0e76fdd9af6ee0ca3e7c9cc29193944cedb4 (diff) |
c: check string truncation when using snprintf
Diffstat (limited to 'src/libnpass')
-rw-r--r-- | src/libnpass/libnpass.c | 15 | ||||
-rw-r--r-- | src/libnpass/util.c | 2 |
2 files changed, 11 insertions, 6 deletions
diff --git a/src/libnpass/libnpass.c b/src/libnpass/libnpass.c index 538fe03..34b95ec 100644 --- a/src/libnpass/libnpass.c +++ b/src/libnpass/libnpass.c @@ -38,6 +38,7 @@ static int is_storeobj(struct dirent *dir); static int set_pass_dir(void) { + int r; const char *env; env = getenv("PASSWORD_STORE_DIR"); @@ -48,15 +49,19 @@ static int set_pass_dir(void) env = getenv("XDG_DATA_HOME"); if (env) { - snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env, - DEF_PASS_DIR); + r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env, + DEF_PASS_DIR); + if ((size_t)r > sizeof(pass_dir)) + err_ret(PASS_STORE_INV, "path exceeded PATH_MAX"); return 0; } env = getenv("HOME"); if (env) { - snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env, - ".local/share", DEF_PASS_DIR); + r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env, + ".local/share", DEF_PASS_DIR); + if ((size_t)r > sizeof(pass_dir)) + err_ret(PASS_STORE_INV, "path exceeded PATH_MAX"); return 0; } @@ -179,7 +184,7 @@ int readstore(DIR *dirp, struct store *s) return EOF; } - strncpy(s->name, dir->d_name, sizeof(s->name) - 1); + strcpy(s->name, dir->d_name); switch (dir->d_type) { case DT_DIR: s->type = PASS_STORE_DIR; diff --git a/src/libnpass/util.c b/src/libnpass/util.c index 182f117..c17c4ac 100644 --- a/src/libnpass/util.c +++ b/src/libnpass/util.c @@ -46,7 +46,7 @@ int r_rmdir(const char *prefix_path, char *rm_path) return 0; r = snprintf(abs_path, sizeof(abs_path), "%s/%s", prefix_path, rm_path); - if (r > (int)sizeof(abs_path)) + if ((size_t)r >= sizeof(abs_path)) err_ret(1, "path exceeded PATH_MAX"); r = rmdir(abs_path); |