From 6e00588ebfe9441f793c304d42cf3c83463abe0c Mon Sep 17 00:00:00 2001
From: Andrei Karas
Date: Wed, 2 May 2018 20:54:56 +0300
Subject: Fix possible buffer overflow in common.
---
 src/common/grfio.c | 4 ++--
 src/common/sysinfo.c | 2 +-
 src/common/utils.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/common/grfio.c b/src/common/grfio.c
index fba3dda86..d328f9c68 100644
--- a/src/common/grfio.c
+++ b/src/common/grfio.c
@@ -786,8 +786,8 @@ static bool grfio_parse_restable_row(const char *row)
 if (strstr(w2, ".gat") == NULL && strstr(w2, ".rsw") == NULL) return false; // we only need the maps' GAT and RSW files
- sprintf(src, "data\\%s", w1);
- sprintf(dst, "data\\%s", w2);
+ safesnprintf(src, 256, "data\\%s", w1);
+ safesnprintf(dst, 256, "data\\%s", w2);
 entry = grfio_filelist_find(dst);
 if (entry != NULL) {
diff --git a/src/common/sysinfo.c b/src/common/sysinfo.c
index 3c7e25a0c..0056aee1e 100644
--- a/src/common/sysinfo.c
+++ b/src/common/sysinfo.c
@@ -321,7 +321,7 @@ bool sysinfo_git_get_revision(char **out)
 while (*ref) {
 FILE *fp;
- snprintf(filepath, sizeof(filepath), ".git/%s", ref);
+ safesnprintf(filepath, sizeof(filepath), ".git/%s", ref);
 if ((fp = fopen(filepath, "r")) != NULL) {
 if (fgets(line, sizeof(line)-1, fp) == NULL) {
 fclose(fp);
diff --git a/src/common/utils.c b/src/common/utils.c
index 0d76a885e..74c44d147 100644
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -216,7 +216,7 @@ void findfile(const char *p, const char *pat, void (func)(const char*))
 if (strcmp(entry->d_name, "..") == 0) continue;
- sprintf(tmppath,"%s%c%s",path, PATHSEP, entry->d_name);
+ safesnprintf(tmppath, sizeof(tmppath), "%s%c%s", path, PATHSEP, entry->d_name);
 // check if the pattern matches.
 if (strstr(entry->d_name, pattern)) {
--
cgit v1.2.3-60-g2f50
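Review bot: The size argument `256` in the two `safesnprintf` calls in grfio_parse_restable_row is a literal that has to be kept in step by hand with the declarations of `src` and `dst`, which lie outside this hunk; if both are arrays in scope, `safesnprintf(src, sizeof(src), "data\\%s", w1);` (and likewise for `dst`) ties the bound to the buffer, as the sysinfo.c and utils.c hunks already do. In all three hunks the return value is discarded, so an over-long name is silently truncated and the shortened string is still used: here `dst` goes straight to `grfio_filelist_find`, in sysinfo_git_get_revision the cut-off `filepath` is passed to `fopen`, and in findfile `tmppath` is presumably consumed after the hunk ends. If safesnprintf signals truncation through its return value (its definition is not shown on this page), checking it and skipping the row or entry, e.g. `if (safesnprintf(dst, sizeof(dst), "data\\%s", w2) < 0) return false;`, would keep a truncated name from being acted on as if it were the real one. All three enclosing functions start and end outside their hunks.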