From b8d7fa5bcc5c43ca052ed6b1d21f7fdb39ff0c92 Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Fri, 30 Oct 2015 11:09:28 +0100
Subject: [PATCH] CID 22567: Copy into fixed size buffer (STRING_OVERFLOW) bsdstring replacements, again
---
 src/names.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/names.c b/src/names.c
index 40bc9cbb2..7a0855ef4 100644
--- a/src/names.c
+++ b/src/names.c
@@ -357,6 +357,7 @@ static const char *dracoid_name(const unit * u)
 {
 static char name[NAMESIZE + 1]; // FIXME: static return value
 int mid_syllabels;
+ size_t sz;
 /* ignore u */
 u = 0;
@@ -364,14 +365,14 @@ static const char *dracoid_name(const unit * u)
 mid_syllabels = rng_int() % 4;
- strcpy(name, drac_pre[rng_int() % DRAC_PRE]);
+ sz = strlcpy(name, drac_pre[rng_int() % DRAC_PRE], sizeof(name));
 while (mid_syllabels > 0) {
 mid_syllabels--;
 if (rng_int() % 10 < 4)
- strcat(name, "'");
- strcat(name, drac_mid[rng_int() % DRAC_MID]);
+ strlcat(name, "'", sizeof(name));
+ sz += strlcat(name, drac_mid[rng_int() % DRAC_MID], sizeof(name));
 }
- strcat(name, drac_suf[rng_int() % DRAC_SUF]);
+ sz += strlcat(name, drac_suf[rng_int() % DRAC_SUF], sizeof(name));
 return name;
 }
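Review bot: `sz` is accumulated across the `strlcpy`/`strlcat` calls in the second hunk but is never read in the lines shown, and the sum is not a usable length anyway: `strlcat` returns the total length of the string it tried to build (the existing `name` plus the source), so every `sz +=` counts the earlier content again. The bounded calls do stop the overflow the CID reports, but truncation now passes silently, and the return value of the `"'"` append is discarded. If truncation should be detected, assign rather than add, `sz = strlcat(name, drac_suf[rng_int() % DRAC_SUF], sizeof(name));`, and test `if (sz >= sizeof(name))` before `return name;`; if a clipped name is acceptable, drop `sz` and state it with a comment such as `/* names longer than NAMESIZE are silently truncated */`. The declaration of `sz` sits in the first hunk of the same function, whose signature lies outside both hunks.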