Fix buffer overflows in shortcut and workspace name handling

The handling of user defined shortcuts was not checking the length of the shortcut before copying it to a fixed-length temporary buffer, char buf[128]; strcpy(buf, shortcutDefinition); and strcpy() is well known for not checking if overflows will occur. In particular, wmaker was crashing here if a big 'shortcut' was defined either through WPrefs or by directly editing the configuration files. This is now avoided by using strncpy() instead. And this patch also fixes a similar buffer overflow for big workspace names too. Furthermore, use MAX_SHORTCUT_LENGTH instead of raw number and define it to be 32 instead of 128.
2025-12-22 14:08:06 +01:00 · 2008-11-09 20:18:05 +01:00
parent 06f59b9928
commit 3c323e1e9a
4 changed files with 13 additions and 10 deletions
--- a/src/workspace.c
+++ b/src/workspace.c
@@ -54,6 +54,7 @@

 #include "xinerama.h"

+#define MAX_SHORTCUT_LENGTH 32

 extern WPreferences wPreferences;
 extern XContext wWinContext;
@@ -1384,7 +1385,7 @@ wWorkspaceMenuUpdate(WScreen *scr, WMenu *menu)
        i = scr->workspace_count-(menu->entry_no-2);
        ws = menu->entry_no - 2;
        while (i>0) {
-            strcpy(title, scr->workspaces[ws]->name);
+            strncpy(title, scr->workspaces[ws]->name, MAX_WORKSPACENAME_WIDTH);

            entry = wMenuAddCallback(menu, title, switchWSCommand, (void*)ws);
            entry->flags.indicator = 1;