aboutsummaryrefslogtreecommitdiffstats
path: root/src/bin/e_exec.c
diff options
context:
space:
mode:
authorCedric BAIL <cedric.bail@free.fr>2012-08-29 07:14:05 +0000
committerCedric BAIL <cedric.bail@free.fr>2012-08-29 07:14:05 +0000
commit4de7c065af4e11cc4d17b7787d73586890ad1c84 (patch)
tree38cad50ea109537f6bf25bbc41842342a1228698 /src/bin/e_exec.c
parent1fb57fe691c6ef40615dfdfea0fc894a87cf9baf (diff)
downloadenlightenment-4de7c065af4e11cc4d17b7787d73586890ad1c84.tar.gz
enlightenment-4de7c065af4e11cc4d17b7787d73586890ad1c84.tar.xz
enlightenment-4de7c065af4e11cc4d17b7787d73586890ad1c84.zip
e: remove potential buffer overflow and make it more efficient.
Patch started by Maxime Villard (rustyBSD). SVN revision: 75812
Diffstat (limited to 'src/bin/e_exec.c')
-rw-r--r--src/bin/e_exec.c37
1 files changed, 25 insertions, 12 deletions
diff --git a/src/bin/e_exec.c b/src/bin/e_exec.c
index 051d502bf..22f7bffac 100644
--- a/src/bin/e_exec.c
+++ b/src/bin/e_exec.c
@@ -183,32 +183,45 @@ _e_exec_cb_exec(void *data, Efreet_Desktop *desktop, char *exec, int remaining)
{
const char *p1, *p2;
char buf2[32];
+ char *buf3 = NULL;
int head;
+ int head_length;
+ int penv_display_length;
head = launch->zone->container->manager->num;
+ penv_display_length = strlen(penv_display);
+ /* Check for insane length for DISPLAY env */
+ if (penv_display_length + 32 > 4096) return NULL;
+
+ /* buf2 = '.%i' */
+ *buf2 = '.';
+ head_length = eina_convert_itoa(head, buf2 + 1) + 2;
+
/* set env vars */
p1 = strrchr(penv_display, ':');
p2 = strrchr(penv_display, '.');
if ((p1) && (p2) && (p2 > p1)) /* "blah:x.y" */
{
- /* yes it could overflow... but who will overflow DISPLAY eh? why? to
- * "exploit" your own applications running as you?
- */
- strcpy(buf, penv_display);
- buf[p2 - penv_display + 1] = 0;
- snprintf(buf2, sizeof(buf2), "%i", head);
- strcat(buf, buf2);
+ buf3 = alloca((p2 - penv_display) + head_length + 1);
+
+ memcpy(buf3, penv_display, p2 - penv_display);
+ memcpy(buf3 + (p2 - penv_display), buf2, head_length);
}
else if (p1) /* "blah:x */
{
- strcpy(buf, penv_display);
- snprintf(buf2, sizeof(buf2), ".%i", head);
- strcat(buf, buf2);
+ buf3 = alloca(penv_display_length + head_length);
+
+ memcpy(buf3, penv_display, penv_display_length);
+ memcpy(buf3 + penv_display_length, buf2, head_length);
}
else
- strcpy(buf, penv_display);
- e_util_env_set("DISPLAY", buf);
+ {
+ buf3 = alloca(penv_display_length + 1);
+ memcpy(buf3, penv_display, penv_display_length + 1);
+ }
+
+ e_util_env_set("DISPLAY", buf3);
}
snprintf(buf, sizeof(buf), "E_START|%i", startup_id);
e_util_env_set("DESKTOP_STARTUP_ID", buf);