xvt (2.1-20.1) 010_buffer_overflows.diff

Summary

 xsetup.c |   18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

    
download this patch

Patch contents

diff -urNad /home/sam/debian/official/xvt/xvt-2.1/xsetup.c xvt-2.1/xsetup.c
--- /home/sam/debian/official/xvt/xvt-2.1/xsetup.c	1997-09-17 18:23:17.000000000 +0200
+++ xvt-2.1/xsetup.c	2004-07-27 17:54:18.000000000 +0200
@@ -303,7 +303,7 @@
 			com_env[j++] = environ[i];
 	}
 	com_env[j++] = scopy(TERM_ENV);
-	sprintf(buf,"DISPLAY=%s",DisplayString(display));
+	sprintf(buf,"DISPLAY=%.400s",DisplayString(display));
 	com_env[j++] = scopy(buf);
 	sprintf(buf,"WINDOWID=%d",(int)main_win);
 	com_env[j++] = scopy(buf);
@@ -391,8 +391,8 @@
 
 	/*  See if there was a display named in the command line
 	 */
-	sprintf(str1,"%s.display",res_name);
-	sprintf(str2,"%s.Display",XVT_CLASS);
+	sprintf(str1,"%.100s.display",res_name);
+	sprintf(str2,"%.100s.Display",XVT_CLASS);
 	if (XrmGetResource(commandlineDB,str1,str2,&str_type,&value) == True) {
 		strncpy(str1,value.addr,(int)value.size);
 		display_name = str1;
@@ -529,18 +529,22 @@
 	XrmValue value;
 	char *str_type;
 
-	sprintf((char *)str1,"%s.%s",res_name,name);
-	sprintf((char *)str2,"%s.%s",XVT_CLASS,class);
+	sprintf((char *)str1,"%.100s.%.100s",res_name,name);
+	sprintf((char *)str2,"%.100s.%.100s",XVT_CLASS,class);
 	if (XrmGetResource(rDB,str1,str2,&str_type,&value) == True) {
+		if (value.size > 255)
+			value.size = 255;
 		strncpy((char *)resource,value.addr,(int)value.size);
 		return(resource);
 	}
 
 	/*  The following is added for compatibility with xterm.
 	 */
-	sprintf((char *)str1,"%s.vt100.%s",res_name,name);
-	sprintf((char *)str2,"%s.VT100.%s",XVT_CLASS,class);
+	sprintf((char *)str1,"%.100s.vt100.%.100s",res_name,name);
+	sprintf((char *)str2,"%.100s.VT100.%.100s",XVT_CLASS,class);
 	if (XrmGetResource(rDB,str1,str2,&str_type,&value) == True) {
+		if (value.size > 255)
+			value.size = 255;
 		strncpy((char *)resource,value.addr,(int)value.size);
 		return(resource);
 	}