diff options
| author | Koichiro IWAO <meta@vmeta.jp> | 2018-06-15 14:10:25 +0900 |
|---|---|---|
| committer | Koichiro IWAO <meta@vmeta.jp> | 2018-06-16 16:44:37 +0900 |
| commit | 6e16b38ecc109bc889dcc1ea79a9ad436abd463a (patch) | |
| tree | 7d161aff5398bdfc2b9d003b730f0f926ca8fd13 | |
| parent | 9192e95c969a697f70e8f15e0f2c640297ba636e (diff) | |
| download | xrdp-proprietary-6e16b38ecc109bc889dcc1ea79a9ad436abd463a.tar.gz xrdp-proprietary-6e16b38ecc109bc889dcc1ea79a9ad436abd463a.zip | |
sesman: fix potential buffer over flow
| -rw-r--r-- | sesman/config.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/sesman/config.c b/sesman/config.c index 28b66cda..796b9511 100644 --- a/sesman/config.c +++ b/sesman/config.c @@ -105,6 +105,7 @@ config_read_globals(int file, struct config_sesman *cf, struct list *param_n, struct list *param_v) { int i; + int length; char *buf; list_clear(param_v); @@ -180,11 +181,11 @@ config_read_globals(int file, struct config_sesman *cf, struct list *param_n, g_free(cf->default_wm); cf->default_wm = g_strdup("startwm.sh"); } - - /* if default_wm doesn't begin with '/', it's a relative path from XRDP_CFG_PATH */ + /* if default_wm doesn't begin with '/', it's a relative path to XRDP_CFG_PATH */ if (cf->default_wm[0] != '/') { - buf = (char *)g_malloc(1024, 0); + length = sizeof(XRDP_CFG_PATH) + g_strlen(g_cfg->default_wm) + 1; /* '/' */ + buf = (char *)g_malloc(length, 0); g_sprintf(buf, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm); g_free(g_cfg->default_wm); g_cfg->default_wm = g_strdup(buf); @@ -200,16 +201,17 @@ config_read_globals(int file, struct config_sesman *cf, struct list *param_n, g_free(cf->reconnect_sh); cf->reconnect_sh = g_strdup("reconnectwm.sh"); } + /* if reconnect_sh doesn't begin with '/', it's a relative path to XRDP_CFG_PATH */ if (cf->reconnect_sh[0] != '/') { - buf = (char *)g_malloc(1024, 0); + length = sizeof(XRDP_CFG_PATH) + g_strlen(g_cfg->reconnect_sh) + 1; /* '/' */ + buf = (char *)g_malloc(length, 0); g_sprintf(buf, "%s/%s", XRDP_CFG_PATH, g_cfg->reconnect_sh); g_free(g_cfg->reconnect_sh); g_cfg->reconnect_sh = g_strdup(buf); g_free(buf); } - return 0; } |