diff options
author | Pablo Barciela <[email protected]> | 2019-03-03 03:13:55 +0100 |
---|---|---|
committer | Pablo Barciela <[email protected]> | 2019-03-22 11:04:04 +0100 |
commit | 23dcb29e8edf1625f0b6e7727f513238299efd2d (patch) | |
tree | 304c7f48e1f27ff02c6d170a74f7341bd5482680 | |
parent | ee24dd64a2fbb19e8d3d4c8b4747016807623e79 (diff) | |
download | mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.bz2 mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.xz |
[Security] panel-keyfile: Use 'g_strlcpy' instead of 'strcpy'
Fixes Clang static analyzer warning:
warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
-rw-r--r-- | mate-panel/libpanel-util/panel-keyfile.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/mate-panel/libpanel-util/panel-keyfile.c b/mate-panel/libpanel-util/panel-keyfile.c index ebd32497..5cf4996e 100644 --- a/mate-panel/libpanel-util/panel-keyfile.c +++ b/mate-panel/libpanel-util/panel-keyfile.c @@ -126,11 +126,10 @@ panel_key_file_to_file (GKeyFile *keyfile, gsize new_length; new_length = length + strlen (KEYFILE_TRUSTED_SHEBANG); - new_data = g_malloc (new_length); + new_data = g_malloc (new_length + 1); - strcpy (new_data, KEYFILE_TRUSTED_SHEBANG); - memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG), - data, length); + g_strlcpy (new_data, KEYFILE_TRUSTED_SHEBANG, new_length + 1); + g_strlcat (new_data, data, new_length + 1); g_free (data); data = new_data; |