use 'strncpy' and 'strncat' instead of using of vulnerable function 'strcpy' and...

author Seunghun Lee <shiin.lee@samsung.com>

Wed, 18 May 2016 05:26:14 +0000 (14:26 +0900)

committer Seunghun Lee <shiin.lee@samsung.com>

Wed, 18 May 2016 06:13:18 +0000 (15:13 +0900)
author Seunghun Lee <shiin.lee@samsung.com>
Wed, 18 May 2016 05:26:14 +0000 (14:26 +0900)
committer Seunghun Lee <shiin.lee@samsung.com>
Wed, 18 May 2016 06:13:18 +0000 (15:13 +0900)
diff --git a/src/lib/pepper/keyboard.c b/src/lib/pepper/keyboard.c

index 1f3e348303b89947222ccccc53617e1328a793f5..6aa9d8a07da109a31bff70073f5f0d172ac3d62f 100644 (file)
--- a/src/lib/pepper/keyboard.c
+++ b/src/lib/pepper/keyboard.c
@@ -149,7 +149,7 @@ update_keymap(pepper_keyboard_t *keyboard)
                                                   keyboard->keymap_fd, 0);
                 PEPPER_CHECK(keymap_map, goto error, "failed to mmap for keymap\n");
  
-               strcpy(keymap_map, keymap_str);
+               strncpy(keymap_map, keymap_str, keyboard->keymap_len);
  
                 state = xkb_state_new(keyboard->keymap);
                 PEPPER_CHECK(state, goto error, "failed to create xkb state\n");
diff --git a/src/lib/pepper/utils-file.c b/src/lib/pepper/utils-file.c

index e2f05c35ac9d9d5cb3a65483bf72a5153e04045c..d4a04e612e5543cac51410fa8b62a05d127ca990 100644 (file)
--- a/src/lib/pepper/utils-file.c
+++ b/src/lib/pepper/utils-file.c
@@ -97,8 +97,8 @@ pepper_create_anonymous_file(off_t size)
         if (!name)
                 return -1;
  
-       strcpy(name, path);
-       strcat(name, template);
+       strncpy(name, path, strlen(path) + 1);
+       strncat(name, template, sizeof(template));
  
         fd = create_tmpfile_cloexec(name);
author	Seunghun Lee <shiin.lee@samsung.com>
	Wed, 18 May 2016 05:26:14 +0000 (14:26 +0900)
committer	Seunghun Lee <shiin.lee@samsung.com>
	Wed, 18 May 2016 06:13:18 +0000 (15:13 +0900)
src/lib/pepper/keyboard.c		patch \| blob \| history
src/lib/pepper/utils-file.c		patch \| blob \| history