Squash use of strncat(). Replaced by strlcat().

Note that the calls to strncat() did not account for the
NUL terminating byte, and for very long queries could have
led to a buffer overrun.

Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
Dan Cross 2018-10-15 14:37:50 +00:00 committed by Andrew Pamment
parent 9f4269c74e
commit 588242f68e


@ -1229,29 +1229,29 @@ void file_search() {
searchterms[i] = str3dup("%%", searchterms[i], "%%");
}
if (stype == 0) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR filename LIKE ?", 1024);
strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
}
strncat(sqlbuffer, ")", 1024);
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
}
if (stype == 1) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR description LIKE ?", 1024);
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
}
strncat(sqlbuffer, ")", 1024);
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
}
if (stype == 2) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR filename LIKE ?", 1024);
strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
}
strncat(sqlbuffer, " OR description LIKE ?", 1024);
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR description LIKE ?", 1024);
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
}
strncat(sqlbuffer, ")", 1024);
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
}
if (!all) {