From d9d1a10b262c3a6ac01844002e15d1bf9ab90981 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Thu, 11 Apr 2024 19:22:06 +0530
Subject: c: check string truncation when using snprintf

---
 src/libnpass/libnpass.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'src/libnpass/libnpass.c')

diff --git a/src/libnpass/libnpass.c b/src/libnpass/libnpass.c
index 538fe03..34b95ec 100644
--- a/src/libnpass/libnpass.c
+++ b/src/libnpass/libnpass.c
@@ -38,6 +38,7 @@ static int is_storeobj(struct dirent *dir);
 
 static int set_pass_dir(void)
 {
+	int r;
 	const char *env;
 
 	env = getenv("PASSWORD_STORE_DIR");
@@ -48,15 +49,19 @@ static int set_pass_dir(void)
 
 	env = getenv("XDG_DATA_HOME");
 	if (env) {
-		snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env,
-			 DEF_PASS_DIR);
+		r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env,
+			     DEF_PASS_DIR);
+		if ((size_t)r > sizeof(pass_dir))
+			err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
 		return 0;
 	}
 
 	env = getenv("HOME");
 	if (env) {
-		snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env,
-			 ".local/share", DEF_PASS_DIR);
+		r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env,
+			     ".local/share", DEF_PASS_DIR);
+		if ((size_t)r > sizeof(pass_dir))
+			err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
 		return 0;
 	}
 
@@ -179,7 +184,7 @@ int readstore(DIR *dirp, struct store *s)
 		return EOF;
 	}
 
-	strncpy(s->name, dir->d_name, sizeof(s->name) - 1);
+	strcpy(s->name, dir->d_name);
 	switch (dir->d_type) {
 	case DT_DIR:
 		s->type = PASS_STORE_DIR;
-- 
cgit v1.2.3