Hello, Thanks for the help. I have made a patch that would fix the possible buffer overflows. Please check the attached patch.
On Mon, Apr 14, 2008 at 02:54:21PM +0200, Nico Golde wrote: > Just saw it and I have to admit that I'm not really happy > with it. Please just leave the code as it is now and use > snprintf instead with a length of sizeof(tmp). Please also > check the other buffers. ---end quoted text--- -- أحمد المحمودي (Ahmed El-Mahmoudy) Digital design engineer SySDSoft, Inc. GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net) GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
Index: acon-1.0.5/acon.c
===================================================================
--- acon-1.0.5.orig/acon.c 2008-04-16 20:43:11.000000000 +0200
+++ acon-1.0.5/acon.c 2008-04-16 21:11:38.000000000 +0200
@@ -50,7 +50,7 @@
 font[0]=translation[0]=keymap[0]=0;
 if((env=getenv("HOME")))
- sprintf(tmp,"%s/.acon.conf",env);
+ snprintf(tmp,300,"%s/.acon.conf",env);
 else
 strcpy(tmp,"/etc/acon.conf");
 if((fp=fopen(tmp,"r"))==NULL)
Index: acon-1.0.5/arabicfont.c
===================================================================
--- acon-1.0.5.orig/arabicfont.c 2008-04-16 21:06:32.000000000 +0200
+++ acon-1.0.5/arabicfont.c 2008-04-16 21:11:28.000000000 +0200
@@ -613,7 +613,7 @@
 y=16; /*Only support 8x16 fonts now*/
 if(path[0]!='/')
- sprintf(tmp,"%s/fonts/%s",DATAPATH,path);
+ snprintf(tmp,300,"%s/fonts/%s",DATAPATH,path);
 else
 strcpy(tmp,path);
 set_user_id();
@@ -699,12 +699,12 @@
 if(path)
 {
 if(path[0]!='/')
- sprintf(tmp,"loadkeys %s/keymaps/%s >& /dev/null",DATAPATH,path);
+ snprintf(tmp,300,"loadkeys %s/keymaps/%s >& /dev/null",DATAPATH,path);
 else
- sprintf(tmp,"loadkeys %s >& /dev/null",path);
+ snprintf(tmp,300,"loadkeys %s >& /dev/null",path);
 }
 else
- sprintf(tmp,"loadkeys %s/keymaps/iso8859-6.map",DATAPATH);
+ snprintf(tmp,300,"loadkeys %s/keymaps/iso8859-6.map",DATAPATH);
 if(my_system(tmp))
 printf("Error executing : %s \n",tmp);
@@ -743,7 +743,7 @@
 }
 if(path[0]!='/')
- sprintf(tmp,"%s/translations/%s",DATAPATH,path);
+ snprintf(tmp,302,"%s/translations/%s",DATAPATH,path);
 else
 strcpy(tmp,path);
 if((fp=fopen(tmp,"r"))==NULL)
Index: acon-1.0.5/child.c
===================================================================
--- acon-1.0.5.orig/child.c 2008-04-16 21:04:18.000000000 +0200
+++ acon-1.0.5/child.c 2008-04-16 21:11:53.000000000 +0200
@@ -101,7 +101,7 @@
 printf("Acon: can't know HOME directory\n");
 return;
 }
- sprintf(tmp,"%s/.acon.conf",env);
+ snprintf(tmp,300,"%s/.acon.conf",env);
 if((fp=fopen(tmp,"w"))==NULL)
 {
 printf("Acon: can't save %s\n",tmp);
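Review bot: The bound passed to snprintf is the literal `300` in this hunk and in the arabicfont.c and child.c hunks, and `302` in the translations hunk at line 743, while every declaration of `tmp` lies outside the hunks, so nothing visible ties the bound to the real buffer size. The review quoted above asked for `sizeof(tmp)`; assuming `tmp` is an array (not a pointer) in each of these scopes, write `snprintf(tmp,sizeof(tmp),"%s/.acon.conf",env);` so the limit follows the declaration. If any `tmp` is smaller than the literal used for it, the overflow this patch targets is still present.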
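Review bot: The `else` branch of the hunk at line 613 still runs `strcpy(tmp,path);` with no bound, so an absolute `path` longer than `tmp` overflows the buffer just as the replaced sprintf could; the hunk at line 743 keeps the same call. Bound it like the other branch, e.g. `snprintf(tmp,sizeof(tmp),"%s",path);`, and treat a return value `>= sizeof(tmp)` as an error instead of opening a truncated name. The enclosing function starts and ends outside the hunk, so the origin of `path` is not visible here.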
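Review bot: In the hunk at line 699 `tmp` is a command line handed to `my_system()`, and snprintf truncates silently, so a long `path` can cut off the `>& /dev/null` tail or part of the file name and the shortened command is still executed. Capture the result and skip the call on truncation, e.g. `n=snprintf(tmp,sizeof(tmp),...); if(n<0||(size_t)n>=sizeof(tmp)) return;`, adapting the error path to the function's return type, which is outside the hunk. `my_system` is not shown; if it passes the string to a shell, `path` is interpreted by that shell as well, so handing `loadkeys` and the file name to an exec-style call as separate argv entries would be safer than formatting a string.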
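Review bot: In the child.c hunk the return value of snprintf is ignored before `fopen(tmp,"w")`, so an over-long `HOME` yields a truncated name and the configuration is written to a different path than intended. Capture it and bail out, e.g. `n=snprintf(tmp,sizeof(tmp),"%s/.acon.conf",env); if(n<0||(size_t)n>=sizeof(tmp)) return;`, matching the early `return;` used just above for a missing HOME. The same check applies to the read paths in the acon.c and arabicfont.c hunks; `n` needs an `int` declaration in the part of the function that lies outside the hunk.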