summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPablo Barciela <[email protected]>2019-03-03 03:13:55 +0100
committerPablo Barciela <[email protected]>2019-03-22 11:04:04 +0100
commit23dcb29e8edf1625f0b6e7727f513238299efd2d (patch)
tree304c7f48e1f27ff02c6d170a74f7341bd5482680
parentee24dd64a2fbb19e8d3d4c8b4747016807623e79 (diff)
downloadmate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.bz2
mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.xz
[Security] panel-keyfile: Use 'g_strlcpy' instead of 'strcpy'
Fixes Clang static analyzer warning: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
-rw-r--r--mate-panel/libpanel-util/panel-keyfile.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/mate-panel/libpanel-util/panel-keyfile.c b/mate-panel/libpanel-util/panel-keyfile.c
index ebd32497..5cf4996e 100644
--- a/mate-panel/libpanel-util/panel-keyfile.c
+++ b/mate-panel/libpanel-util/panel-keyfile.c
@@ -126,11 +126,10 @@ panel_key_file_to_file (GKeyFile *keyfile,
gsize new_length;
new_length = length + strlen (KEYFILE_TRUSTED_SHEBANG);
- new_data = g_malloc (new_length);
+ new_data = g_malloc (new_length + 1);
- strcpy (new_data, KEYFILE_TRUSTED_SHEBANG);
- memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG),
- data, length);
+ g_strlcpy (new_data, KEYFILE_TRUSTED_SHEBANG, new_length + 1);
+ g_strlcat (new_data, data, new_length + 1);
g_free (data);
data = new_data;