diff options
Diffstat (limited to 'src/yulectl.c')
-rw-r--r-- | src/yulectl.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/yulectl.c b/src/yulectl.c index 50a837b..8948695 100644 --- a/src/yulectl.c +++ b/src/yulectl.c @@ -47,8 +47,10 @@ #define SH_REQ_PASSWORD 1 #endif +#define SH_PW_SIZE 15 + static int sock = -1; -static char password[15] = ""; +static char password[SH_PW_SIZE] = ""; static int verbose = 0; #ifdef SH_STEALTH @@ -122,13 +124,10 @@ termination_handler (int signum) static char * safe_copy(char * to, const char * from, size_t size) { - if (to && from) + if (to && from && (size > 0)) { - strncpy (to, from, size); - if (size > 0) - to[size-1] = '\0'; - else - *to = '\0'; + strncpy (to, from, size-1); + to[size-1] = '\0'; } return to; } @@ -143,7 +142,13 @@ static int send_to_server (char * serversock, char * message) /* Initialize the server socket address. */ name.sun_family = AF_UNIX; - strncpy (name.sun_path, serversock, sizeof(name.sun_path) - 1); + memcpy(name.sun_path, serversock, sizeof(name.sun_path)); + name.sun_path[sizeof(name.sun_path)-1] = '\0'; + if (strlen(serversock) > strlen(name.sun_path)) + { + perror (_("ERROR: socket path too long")); + return -1; + } size = (offsetof (struct sockaddr_un, sun_path) + strlen (name.sun_path) + 1); @@ -400,7 +405,7 @@ static int get_passwd(char * message2, size_t size) /* 1) Password from environment */ pw = getenv(_("YULECTL_PASSWORD")); - if (pw && strlen(pw) < 15) + if (pw && strlen(pw) < SH_PW_SIZE) { strcpy(password, pw); strcpy(message2, password); @@ -412,7 +417,7 @@ static int get_passwd(char * message2, size_t size) if (get_home(home, sizeof(home)) < 0) return -1; - if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > 4096) + if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > sizeof(home)) { fprintf (stderr, "%s", _("ERROR: path for $HOME is too long.\n")); return -1; @@ -450,7 +455,7 @@ static int get_passwd(char * message2, size_t size) (void) rtrim(message2); - if (strlen(message2) > 14) + if (strlen(message2) > (SH_PW_SIZE -1)) { fprintf (stderr, "%s", _("ERROR: Password too long (max. 14 characters).\n")); |