From 3cd7cac8f1b519cd1cc85d4eb94496d9be732749 Mon Sep 17 00:00:00 2001 From: q-posev Date: Fri, 8 Jul 2022 12:26:23 +0200 Subject: [PATCH] Fix potential buffer overflows in text back end --- src/templates_text/templator_text.org | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/templates_text/templator_text.org b/src/templates_text/templator_text.org index d095346..88908e7 100644 --- a/src/templates_text/templator_text.org +++ b/src/templates_text/templator_text.org @@ -420,13 +420,14 @@ trexio_text_read_$group$ (trexio_text_t* const file) /* conventional fcanf with "%s" only return the string before the first space character * to read string with spaces use "%[^\n]" possible with space before or after, i.e. " %[^\n]" */ - rc = fscanf(f, " %1023[^\n]", tmp_$group_dset$); + rc = fscanf(f, " %1023[^\n]", buffer); if (rc != 1) { trexio_text_free_read_$group$(buffer, f, file, $group$); return NULL; } - size_t tmp_$group_dset$_len = strlen($group$->$group_dset$[i]); + size_t tmp_$group_dset$_len = strlen(buffer); + strncpy(tmp_$group_dset$, buffer, tmp_$group_dset$_len + 1); tmp_$group_dset$ += tmp_$group_dset$_len + 1; } } @@ -484,14 +485,15 @@ trexio_text_read_$group$ (trexio_text_t* const file) return NULL; } - rc = fscanf(f, " %1023[^\n]", $group$->$group_str$); + rc = fscanf(f, " %1023[^\n]", buffer); if (rc != 1) { trexio_text_free_read_$group$(buffer, f, file, $group$); return NULL; } + /* Safer string conversion to avoid buffer overflow in fscanf */ + strncpy($group$->$group_str$, buffer, $group$->len_$group_str$); } - // END REPEAT GROUP_ATTR_STR } else { continue;