[Security] panel-keyfile: Use 'g_strlcpy' instead of 'strcpy'

Fixes Clang static analyzer warning: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
author: Pablo Barciela <[email protected]> 2019-03-03 03:13:55 +0100
committer: Pablo Barciela <[email protected]> 2019-03-22 11:04:04 +0100
commit: 23dcb29e8edf1625f0b6e7727f513238299efd2d (patch)
tree: 304c7f48e1f27ff02c6d170a74f7341bd5482680 /mate-panel/libpanel-util
parent: ee24dd64a2fbb19e8d3d4c8b4747016807623e79 (diff)
download: mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.bz2
mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.xz
1 files changed, 3 insertions, 4 deletions
diff --git a/mate-panel/libpanel-util/panel-keyfile.c b/mate-panel/libpanel-util/panel-keyfile.c
index ebd32497..5cf4996e 100644
--- a/mate-panel/libpanel-util/panel-keyfile.c
+++ b/mate-panel/libpanel-util/panel-keyfile.c
@@ -126,11 +126,10 @@ panel_key_file_to_file (GKeyFile *keyfile,
 gsize new_length;
 
 new_length = length + strlen (KEYFILE_TRUSTED_SHEBANG);
- new_data = g_malloc (new_length);
+ new_data = g_malloc (new_length + 1);
 
- strcpy (new_data, KEYFILE_TRUSTED_SHEBANG);
- memcpy (new_data + strlen (KEYFILE_TRUSTED_SHEBANG),
- data, length);
+ g_strlcpy (new_data, KEYFILE_TRUSTED_SHEBANG, new_length + 1);
+ g_strlcat (new_data, data, new_length + 1);
 
 g_free (data);
 data = new_data;
author	Pablo Barciela <[email protected]>	2019-03-03 03:13:55 +0100
committer	Pablo Barciela <[email protected]>	2019-03-22 11:04:04 +0100
commit	23dcb29e8edf1625f0b6e7727f513238299efd2d (patch)
tree	304c7f48e1f27ff02c6d170a74f7341bd5482680 /mate-panel/libpanel-util
parent	ee24dd64a2fbb19e8d3d4c8b4747016807623e79 (diff)
download	mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.bz2 mate-panel-23dcb29e8edf1625f0b6e7727f513238299efd2d.tar.xz