From 3a76a65427af2cc21adfbe324bb11bd17f107603 Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Fri, 18 Sep 2015 16:22:29 +0100 Subject: [PATCH 3/5] Fix creation of Exec path for files not in prefix Doing strcat() into a static buffer produces incorrect results for the second and subsequent services if they are not in the ${prefix}; for example, if the first call should have returned "C:\bar\bin\service1" and the second should have returned "C:\bar\bin\service2", the second result would actually be "C:\bar\bin\service1C:\bar\bin\service2". [smcv: added commit message; used strncpy/strncat to avoid overflow] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83539 --- dbus/dbus-sysdeps-util-win.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c index 57c353e..096ffee 100644 --- a/dbus/dbus-sysdeps-util-win.c +++ b/dbus/dbus-sysdeps-util-win.c @@ -1493,13 +1493,20 @@ _dbus_replace_install_prefix (const char *configure_time_path) if ((!_dbus_get_install_root(runtime_prefix, len) || strncmp (configure_time_path, DBUS_PREFIX "/", strlen (DBUS_PREFIX) + 1))) { - strcat (retval, configure_time_path); - return retval; + strncpy (retval, configure_time_path, sizeof (retval) - 1); + /* strncpy does not guarantee to 0-terminate the string */ + retval[sizeof (retval) - 1] = '\0'; + } else { + size_t remaining; + + strncpy (retval, runtime_prefix, sizeof (retval) - 1); + retval[sizeof (retval) - 1] = '\0'; + remaining = sizeof (retval) - 1 - strlen (retval); + strncat (retval, + configure_time_path + strlen (DBUS_PREFIX) + 1, + remaining); } - strcpy (retval, runtime_prefix); - strcat (retval, configure_time_path + strlen (DBUS_PREFIX) + 1); - /* Somehow, in some situations, backslashes get collapsed in the string. * Since windows C library accepts both forward and backslashes as * path separators, convert all backslashes to forward slashes. -- 2.5.1