commit 0e418aa8173f97591207438238bf55395932d2ac
parent dc094dbed5524ab5d8b7963e2503191bcdc931a1
Author: Paco Esteban <paco@e1e0.net>
Date: Mon, 22 Jun 2020 19:18:11 +0200
handle strlcpy truncation
Diffstat:
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/helpers.c b/helpers.c
@@ -33,7 +33,9 @@ build_full_path(char *dir, char *file)
/* if user input does not have trailing slash, add it */
if (dir[strlen(dir)-1] != '/')
- strlcat(separator, "/", sizeof(separator));
+ n = strlcpy(separator, "/", sizeof(separator));
+ if (n >= sizeof(separator))
+ return NULL;
n = asprintf(&fullpath, "%s%s%s", dir, separator, file);
if ((n < 0) || (n > PATH_MAX)) {
diff --git a/ssnail.c b/ssnail.c
@@ -437,6 +437,7 @@ process_dir(char *src, char *dst, int force)
if (dp->d_type == DT_REG) {
if (strcmp(get_filename_ext(src_path), "md") == 0) {
char *fbuf = NULL;
+ int n = 0;
a = malloc(sizeof(struct article));
if (a == NULL) {
@@ -444,9 +445,19 @@ process_dir(char *src, char *dst, int force)
goto out;
}
- strlcpy(a->src_path, src_path, PATH_MAX);
+ n = strlcpy(a->src_path, src_path, PATH_MAX);
+ if (n >= PATH_MAX) {
+ error = ssnail_error_msg(2, "src_path cpy");
+ goto out;
+ }
+
fbuf = str_rep(dst_path, ".md", ".html");
- strlcpy(a->dst_path, fbuf, PATH_MAX);
+ n = strlcpy(a->dst_path, fbuf, PATH_MAX);
+ if (n >= PATH_MAX) {
+ error = ssnail_error_msg(2, "dst_path cpy");
+ free(fbuf);
+ goto out;
+ }
free(fbuf);
error = populate_article_entry(a);
