[Libreoffice-commits] core.git: include/LibreOfficeKit

Miklos Vajna vmiklos at collabora.co.uk
Tue Aug 9 08:52:25 UTC 2016 

 include/LibreOfficeKit/LibreOfficeKitInit.h |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

New commits:
commit 60cfbcf9e77d4d88aae94226d74300e2490f8549
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Tue Aug 9 09:37:29 2016 +0200

    LOK init: strcpy() -> strncpy()
    
    'strcpy' is insecure as it does not provide bounding of the memory
    buffer in general, so let's avoid it even here.
    
    Change-Id: If39319a2df7ddd9297938bc0be67fe5f8a2af962
    Reviewed-on: https://gerrit.libreoffice.org/27999
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Jenkins <ci at libreoffice.org>

diff --git a/include/LibreOfficeKit/LibreOfficeKitInit.h b/include/LibreOfficeKit/LibreOfficeKitInit.h
index 47b9553..bbef7d5 100644
--- a/include/LibreOfficeKit/LibreOfficeKitInit.h
+++ b/include/LibreOfficeKit/LibreOfficeKitInit.h
@@ -161,19 +161,20 @@ static void *lok_dlopen( const char *install_path, char ** _imp_lib )
 
     // allocate large enough buffer
     partial_length = strlen(install_path);
-    imp_lib = (char *) malloc(partial_length + sizeof(TARGET_LIB) + sizeof(TARGET_MERGED_LIB) + 2);
+    size_t imp_lib_size = partial_length + sizeof(TARGET_LIB) + sizeof(TARGET_MERGED_LIB) + 2;
+    imp_lib = (char *) malloc(imp_lib_size);
     if (!imp_lib)
     {
         fprintf( stderr, "failed to open library : not enough memory\n");
         return NULL;
     }
 
-    strcpy(imp_lib, install_path);
+    strncpy(imp_lib, install_path, imp_lib_size);
 
     extendUnoPath(install_path);
 
     imp_lib[partial_length++] = SEPARATOR;
-    strcpy(imp_lib + partial_length, TARGET_LIB);
+    strncpy(imp_lib + partial_length, TARGET_LIB, imp_lib_size - partial_length);
 
     dlhandle = lok_loadlib(imp_lib);
     if (!dlhandle)
@@ -191,7 +192,7 @@ static void *lok_dlopen( const char *install_path, char ** _imp_lib )
             return NULL;
         }
 
-        strcpy(imp_lib + partial_length, TARGET_MERGED_LIB);
+        strncpy(imp_lib + partial_length, TARGET_MERGED_LIB, imp_lib_size - partial_length);
 
         dlhandle = lok_loadlib(imp_lib);
         if (!dlhandle)

More information about the Libreoffice-commits mailing list