Prevent buffer overflows. To eliminate possible buffer overflows some strcpy, sprintf and strcat have been changed to strlcpy, snprintf and strlcat. Change-Id: Ieb9d4b600c894946a6492f8629ff39f2fcc106d3 Signed-off-by: Oskar Andero <oskar.andero@sonyericsson.com>

commit: 092aa1c585fedd9e169eece41b8a471f1739908a [log] [tgz]
author: Peter Bohm <peter.m.bohm@sonyericsson.com> Fri Apr 01 12:35:25 2011 +0200
committer: Oskar Andero <oskar.andero@sonyericsson.com> Mon Jun 27 10:04:05 2011 +0200
tree: 079f73d5594e22ecdb3504a261d6baeb60952e28
parent: b20d54b2309adee8d192942015740735ded975d3 [diff] [blame]
diff --git a/vdc.c b/vdc.c
index 4f94ad3..1eb674c 100644
--- a/vdc.c
+++ b/vdc.c

@@ -21,6 +21,7 @@
 #include <signal.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <stdlib.h>
 
 #include <sys/socket.h>
 #include <sys/select.h>
@@ -56,6 +57,7 @@
 static int do_cmd(int sock, int argc, char **argv) {
     char final_cmd[255] = { '\0' };
     int i;
+    int ret;
 
     for (i = 1; i < argc; i++) {
         char *cmp;
@@ -65,7 +67,9 @@
         else
             asprintf(&cmp, "\"%s\"%s", argv[i], (i == (argc -1)) ? "" : " ");
 
-        strcat(final_cmd, cmp);
+        ret = strlcat(final_cmd, cmp, sizeof(final_cmd));
+        if (ret >= sizeof(final_cmd))
+            abort();
         free(cmp);
     }
commit	092aa1c585fedd9e169eece41b8a471f1739908a	[log] [tgz]
author	Peter Bohm <peter.m.bohm@sonyericsson.com>	Fri Apr 01 12:35:25 2011 +0200
committer	Oskar Andero <oskar.andero@sonyericsson.com>	Mon Jun 27 10:04:05 2011 +0200
tree	079f73d5594e22ecdb3504a261d6baeb60952e28
parent	b20d54b2309adee8d192942015740735ded975d3 [diff] [blame]