diff options
| author | Norbert Thiebaud <nthiebaud@gmail.com> | 2013-06-20 14:26:49 -0500 |
|---|---|---|
| committer | Michael Stahl <mstahl@redhat.com> | 2013-06-24 20:17:43 +0200 |
| commit | 52066e4726436cb560098856af2d6f976199f5f4 (patch) | |
| tree | a6d1d5361ce8c3768618f60f5bed6ddf17722447 /sal | |
| parent | 7ec6baba68aba6a66d161e545f0f7808f57ff011 (diff) | |
coverity#706154 : Destination buffer too small
Change-Id: I27bc8803353047a057caaf2353f10cdab08e81e9
Diffstat (limited to 'sal')
| -rw-r--r-- | sal/osl/unx/profile.c | 70 |
1 files changed, 52 insertions, 18 deletions
diff --git a/sal/osl/unx/profile.c b/sal/osl/unx/profile.c index d27dda765463..acfd91c6a7c6 100644 --- a/sal/osl/unx/profile.c +++ b/sal/osl/unx/profile.c @@ -144,7 +144,7 @@ static sal_Bool releaseProfile(osl_TProfileImpl* pProfile); static sal_Bool writeProfileImpl (osl_TFile* pFile); static osl_TFile* osl_openTmpProfileImpl(osl_TProfileImpl*); static sal_Bool osl_ProfileSwapProfileNames(osl_TProfileImpl*); -static void osl_ProfileGenerateExtension(sal_Char* pszFileName, sal_Char* pszExtension, sal_Char* pszTmpName); +static void osl_ProfileGenerateExtension(const sal_Char* pszFileName, const sal_Char* pszExtension, sal_Char* pszTmpName, int BufferMaxLen); static oslProfile SAL_CALL osl_psz_openProfile(const sal_Char *pszProfileName, oslProfileOption Flags); /* implemented in file.c */ @@ -2008,7 +2008,7 @@ static osl_TFile* osl_openTmpProfileImpl(osl_TProfileImpl* pProfile) pszTmpName[0] = '\0'; /* generate tmp profilename */ - osl_ProfileGenerateExtension(pProfile->m_FileName,pszExtension,pszTmpName); + osl_ProfileGenerateExtension(pProfile->m_FileName, pszExtension, pszTmpName, PATH_MAX); if ( pszTmpName[0] == 0 ) { @@ -2030,41 +2030,75 @@ static osl_TFile* osl_openTmpProfileImpl(osl_TProfileImpl* pProfile) static sal_Bool osl_ProfileSwapProfileNames(osl_TProfileImpl* pProfile) { - sal_Bool bRet = sal_False; + sal_Bool bRet = sal_False; - sal_Char pszBakFile[PATH_MAX]; - sal_Char pszTmpFile[PATH_MAX]; - sal_Char pszIniFile[PATH_MAX]; + sal_Char pszBakFile[PATH_MAX]; + sal_Char pszTmpFile[PATH_MAX]; + sal_Char pszIniFile[PATH_MAX]; pszBakFile[0] = '\0'; pszTmpFile[0] = '\0'; pszIniFile[0] = '\0'; - osl_ProfileGenerateExtension(pProfile->m_FileName,"bak",pszBakFile); + osl_ProfileGenerateExtension(pProfile->m_FileName, "bak", pszBakFile, PATH_MAX); strcpy(pszIniFile,pProfile->m_FileName); - osl_ProfileGenerateExtension(pProfile->m_FileName,"tmp",pszTmpFile); + osl_ProfileGenerateExtension(pProfile->m_FileName, "tmp", pszTmpFile, PATH_MAX); - /* unlink bak */ - unlink( pszBakFile ); + /* unlink bak */ + unlink( pszBakFile ); - /* rename ini bak */ - rename( pszIniFile, pszBakFile ); + /* rename ini bak */ + rename( pszIniFile, pszBakFile ); - /* rename tmp ini */ - rename( pszTmpFile, pszIniFile ); + /* rename tmp ini */ + rename( pszTmpFile, pszIniFile ); return bRet; } -static void osl_ProfileGenerateExtension(sal_Char* pszFileName, sal_Char* pszExtension, sal_Char* pszTmpName) +static void osl_ProfileGenerateExtension(const sal_Char* pszFileName, const sal_Char* pszExtension, sal_Char* pszTmpName, int BufferMaxLen) { + sal_Char* cursor = pszTmpName; + int len; - strcpy(pszTmpName,pszFileName); - strcat(pszTmpName,"."); - strcat(pszTmpName,pszExtension); + /* concatenate filename + "." + extension, limited to the size of the + * output buffer; in case of overrun, data is truncated at the end... + * and the result is always 0-terminated. + */ + len = strlen(pszFileName); + if(len < BufferMaxLen) + { + memcpy(cursor, pszFileName, len); + cursor += len; + BufferMaxLen -= len; + } + else + { + memcpy(cursor, pszFileName, BufferMaxLen - 1); + cursor += BufferMaxLen - 1; + BufferMaxLen = 1; + } + if(BufferMaxLen > 1) + { + *cursor++ = '.'; + BufferMaxLen -= 1; + } + len = strlen(pszExtension); + if(len < BufferMaxLen) + { + memcpy(cursor, pszExtension, len); + cursor += len; + } + else + { + memcpy(cursor, pszExtension, BufferMaxLen - 1); + cursor += BufferMaxLen - 1; + BufferMaxLen = 1; + } + *cursor = 0; return; } |