[Security] panel-keyfile: Use 'g_strlcpy' instead of 'strcpy'

Fixes Clang static analyzer warning: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
author: Pablo Barciela <[email protected]> 2019-03-03 03:13:55 +0100
committer: ZenWalker <[email protected]> 2019-03-22 11:02:29 +0100
commit: a975dcc0734b2592810a44714e98f2e8c768a286 (patch)
tree: 35e027f84002fdfdad1f0957581f54a0126790eb
parent: 90c61c664b2c31f27eb04a076bc34e9998f44335 (diff)
download: mate-panel-a975dcc0734b2592810a44714e98f2e8c768a286.tar.bz2
mate-panel-a975dcc0734b2592810a44714e98f2e8c768a286.tar.xz
1 files changed, 3 insertions, 4 deletions
diff --git a/mate-panel/libpanel-util/panel-keyfile.c b/mate-panel/libpanel-util/panel-keyfile.c
index ebd32497..5cf4996e 100644
--- a/mate-panel/libpanel-util/panel-keyfile.c
+++ b/mate-panel/libpanel-util/panel-keyfile.c
@@ -126,11 +126,10 @@ panel_key_file_to_file (GKeyFile *keyfile,
 gsize new_length;
 
 new_length = length + strlen (KEYFILE_TRUSTED_SHEBANG);
- new_data = g_malloc (new_length);
+ new_data = g_malloc (new_length + 1);
 
- strcpy (new_data, KEYFILE_TRUSTED_SHEBANG);
- memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG),
- data, length);
+ g_strlcpy (new_data, KEYFILE_TRUSTED_SHEBANG, new_length + 1);
+ g_strlcat (new_data, data, new_length + 1);
 
 g_free (data);
 data = new_data;
author	Pablo Barciela <[email protected]>	2019-03-03 03:13:55 +0100
committer	ZenWalker <[email protected]>	2019-03-22 11:02:29 +0100
commit	a975dcc0734b2592810a44714e98f2e8c768a286 (patch)
tree	35e027f84002fdfdad1f0957581f54a0126790eb
parent	90c61c664b2c31f27eb04a076bc34e9998f44335 (diff)
download	mate-panel-a975dcc0734b2592810a44714e98f2e8c768a286.tar.bz2 mate-panel-a975dcc0734b2592810a44714e98f2e8c768a286.tar.xz