[evolution-data-server/gnome-3-28] Bug 796174 - strcat() considered unsafe for buffer overflow
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution-data-server/gnome-3-28] Bug 796174 - strcat() considered unsafe for buffer overflow
- Date: Tue, 19 Jun 2018 08:24:44 +0000 (UTC)
commit c52a659c84b7843cfb6e99ad9511d44c304fc3cb
Author: Milan Crha <mcrha redhat com>
Date: Thu Jun 14 13:48:42 2018 +0200
Bug 796174 - strcat() considered unsafe for buffer overflow
.../backends/ldap/e-book-backend-ldap.c | 46 ++++++++--------------
1 file changed, 16 insertions(+), 30 deletions(-)
---
diff --git a/src/addressbook/backends/ldap/e-book-backend-ldap.c
b/src/addressbook/backends/ldap/e-book-backend-ldap.c
index 0c8215811..5d6a0b72c 100644
--- a/src/addressbook/backends/ldap/e-book-backend-ldap.c
+++ b/src/addressbook/backends/ldap/e-book-backend-ldap.c
@@ -3583,8 +3583,7 @@ func_contains (struct _ESExp *f,
if (!strcmp (propname, "x-evolution-any-field")) {
gint i;
- gint query_length;
- gchar *big_query;
+ GString *big_query;
gchar *match_str;
if (one_star) {
g_free (str);
@@ -3597,14 +3596,8 @@ func_contains (struct _ESExp *f,
match_str = g_strdup_printf ("=*%s*)", str);
- query_length = 3; /* strlen ("(|") + strlen (")") */
-
- for (i = 0; i < G_N_ELEMENTS (prop_info); i++) {
- query_length += 1 /* strlen ("(") */ + strlen (prop_info[i].ldap_attr) +
strlen (match_str);
- }
-
- big_query = g_malloc0 (query_length + 1);
- strcat (big_query, "(|");
+ big_query = g_string_sized_new (G_N_ELEMENTS (prop_info) * 7);
+ g_string_append (big_query, "(|");
for (i = 0; i < G_N_ELEMENTS (prop_info); i++) {
if ((prop_info[i].prop_type & PROP_TYPE_STRING) != 0 &&
!(prop_info[i].prop_type & PROP_WRITE_ONLY) &&
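Review bot: `match_str = g_strdup_printf ("=*%s*)", str);` embeds `str` in every sub-filter of the OR, so the move to GString removes the buffer-length bookkeeping but the filter is still only as safe as the escaping applied to `str`. Where `str` is produced is outside this hunk, so it may already be escaped for LDAP filter syntax earlier in func_contains. If it is, a comment above this line would record the assumption, e.g. `/* str is already filter-escaped (RFC 4515), safe to embed here */`; if it is not, the value needs escaping before it reaches `g_strdup_printf`. func_contains begins before this hunk and continues past it.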
@@ -3612,14 +3605,14 @@ func_contains (struct _ESExp *f,
!(prop_info[i].prop_type & PROP_EVOLVE)) &&
(ldap_data->bl->priv->calEntrySupported ||
!(prop_info[i].prop_type & PROP_CALENTRY))) {
- strcat (big_query, "(");
- strcat (big_query, prop_info[i].ldap_attr);
- strcat (big_query, match_str);
+ g_string_append (big_query, "(");
+ g_string_append (big_query, prop_info[i].ldap_attr);
+ g_string_append (big_query, match_str);
}
}
- strcat (big_query, ")");
+ g_string_append (big_query, ")");
- ldap_data->list = g_list_prepend (ldap_data->list, big_query);
+ ldap_data->list = g_list_prepend (ldap_data->list, g_string_free (big_query, FALSE));
g_free (match_str);
}
@@ -3800,34 +3793,27 @@ func_exists (struct _ESExp *f,
if (!strcmp (propname, "x-evolution-any-field")) {
gint i;
- gint query_length;
- gchar *big_query;
+ GString *big_query;
gchar *match_str;
match_str = g_strdup ("=*)");
- query_length = 3; /* strlen ("(|") + strlen (")") */
-
- for (i = 0; i < G_N_ELEMENTS (prop_info); i++) {
- query_length += 1 /* strlen ("(") */ + strlen (prop_info[i].ldap_attr) +
strlen (match_str);
- }
-
- big_query = g_malloc0 (query_length + 1);
- strcat (big_query, "(|");
+ big_query = g_string_sized_new (G_N_ELEMENTS (prop_info) * 7);
+ g_string_append (big_query, "(|");
for (i = 0; i < G_N_ELEMENTS (prop_info); i++) {
if (!(prop_info[i].prop_type & PROP_WRITE_ONLY) &&
(ldap_data->bl->priv->evolutionPersonSupported ||
!(prop_info[i].prop_type & PROP_EVOLVE)) &&
(ldap_data->bl->priv->calEntrySupported ||
!(prop_info[i].prop_type & PROP_CALENTRY))) {
- strcat (big_query, "(");
- strcat (big_query, prop_info[i].ldap_attr);
- strcat (big_query, match_str);
+ g_string_append (big_query, "(");
+ g_string_append (big_query, prop_info[i].ldap_attr);
+ g_string_append (big_query, match_str);
}
}
- strcat (big_query, ")");
+ g_string_append (big_query, ")");
- ldap_data->list = g_list_prepend (ldap_data->list, big_query);
+ ldap_data->list = g_list_prepend (ldap_data->list, g_string_free (big_query, FALSE));
g_free (match_str);
}
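Review bot: The `* 7` in `g_string_sized_new (G_N_ELEMENTS (prop_info) * 7)` is an unexplained constant, both here and in the identical call in the func_contains hunk above. GString grows as text is appended, so the value is only an initial-capacity hint and not a bound. A comment would stop a later reader from treating it as a computed length like the `query_length` it replaces, for example `/* size hint only, GString reallocates as needed */`. func_exists begins before this hunk and continues past it.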