From 60cfbcf9e77d4d88aae94226d74300e2490f8549 Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Tue, 9 Aug 2016 09:37:29 +0200 Subject: LOK init: strcpy() -> strncpy() 'strcpy' is insecure as it does not provide bounding of the memory buffer in general, so let's avoid it even here. Change-Id: If39319a2df7ddd9297938bc0be67fe5f8a2af962 Reviewed-on: https://gerrit.libreoffice.org/27999 Reviewed-by: Miklos Vajna Tested-by: Jenkins --- include/LibreOfficeKit/LibreOfficeKitInit.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'include/LibreOfficeKit') diff --git a/include/LibreOfficeKit/LibreOfficeKitInit.h b/include/LibreOfficeKit/LibreOfficeKitInit.h index 47b955320a06..bbef7d54c829 100644 --- a/include/LibreOfficeKit/LibreOfficeKitInit.h +++ b/include/LibreOfficeKit/LibreOfficeKitInit.h @@ -161,19 +161,20 @@ static void *lok_dlopen( const char *install_path, char ** _imp_lib ) // allocate large enough buffer partial_length = strlen(install_path); - imp_lib = (char *) malloc(partial_length + sizeof(TARGET_LIB) + sizeof(TARGET_MERGED_LIB) + 2); + size_t imp_lib_size = partial_length + sizeof(TARGET_LIB) + sizeof(TARGET_MERGED_LIB) + 2; + imp_lib = (char *) malloc(imp_lib_size); if (!imp_lib) { fprintf( stderr, "failed to open library : not enough memory\n"); return NULL; } - strcpy(imp_lib, install_path); + strncpy(imp_lib, install_path, imp_lib_size); extendUnoPath(install_path); imp_lib[partial_length++] = SEPARATOR; - strcpy(imp_lib + partial_length, TARGET_LIB); + strncpy(imp_lib + partial_length, TARGET_LIB, imp_lib_size - partial_length); dlhandle = lok_loadlib(imp_lib); if (!dlhandle) @@ -191,7 +192,7 @@ static void *lok_dlopen( const char *install_path, char ** _imp_lib ) return NULL; } - strcpy(imp_lib + partial_length, TARGET_MERGED_LIB); + strncpy(imp_lib + partial_length, TARGET_MERGED_LIB, imp_lib_size - partial_length); dlhandle = lok_loadlib(imp_lib); if (!dlhandle) -- cgit