Fix buffer overflows in shortcut and workspace name handling

The handling of user defined shortcuts was not checking the length of the shortcut before copying it to a fixed-length temporary buffer, char buf[128]; strcpy(buf, shortcutDefinition); and strcpy() is well known for not checking if overflows will occur. In particular, wmaker was crashing here if a big 'shortcut' was defined either through WPrefs or by directly editing the configuration files. This is now avoided by using strncpy() instead. And this patch also fixes a similar buffer overflow for big workspace names too. Furthermore, use MAX_SHORTCUT_LENGTH instead of raw number and define it to be 32 instead of 128.
2025-12-19 12:28:22 +01:00 · 2008-11-09 20:18:05 +01:00
parent 06f59b9928
commit 3c323e1e9a
4 changed files with 13 additions and 10 deletions
--- a/src/defaults.c
+++ b/src/defaults.c
@@ -69,7 +69,7 @@
 #include "workspace.h"
 #include "properties.h"

-
+#define MAX_SHORTCUT_LENGTH 32

 /***** Global *****/

@@ -2515,7 +2515,7 @@ getKeybind(WScreen *scr, WDefaultEntry *entry, WMPropList *value, void *addr,
    KeySym ksym;
    char *val;
    char *k;
-    char buf[128], *b;
+    char buf[MAX_SHORTCUT_LENGTH], *b;


    GET_STRING_OR_DEFAULT("Key spec", val);
@@ -2528,7 +2528,7 @@ getKeybind(WScreen *scr, WDefaultEntry *entry, WMPropList *value, void *addr,
        return True;
    }

-    strcpy(buf, val);
+    strncpy(buf, val, MAX_SHORTCUT_LENGTH);

    b = (char*)buf;