Fix unchecked strcpy from commandline argument into fixed size buffer
authorNelson Ferreira <nelson.ferreira@ieee.org>
Wed, 14 Sep 2011 08:15:53 +0000 (04:15 -0400)
committerNelson Ferreira <nelson.ferreira@ieee.org>
Wed, 14 Sep 2011 08:15:53 +0000 (04:15 -0400)
CID:382

lib-src/yow.c

index 9660858..ce4d1a0 100644 (file)
@@ -38,9 +38,10 @@ int main(int argc, char *argv[])
        FILE *fp;
        char file[BUFSIZ];
 
-       if (argc > 2 && !strcmp(argv[1], "-f"))
-               strcpy(file, argv[2]);
-       else
+       if (argc > 2 && !strcmp(argv[1], "-f")) {
+               strncpy(file, argv[2], sizeof(file)-1);
+               file[sizeof(file)-1]='\0';
+       } else
 #ifdef PATH_DATA
 #ifdef vms
                sprintf(file, "%s%s", PATH_DATA, YOW_FILE);
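Review bot: The new `strncpy` branch silently truncates a `-f` argument longer than `BUFSIZ - 1` bytes, so the program would go on to use a different path than the one the user supplied instead of reporting the problem. The overflow is fixed, but rejecting the over-long name is safer than truncating it; ahead of the copy I would add `if (strlen(argv[2]) >= sizeof(file)) { fprintf(stderr, "yow: file name too long\n"); return 1; }`. With that guard in place, the copy can no longer truncate and the manual terminator becomes a backstop only. The `sprintf(file, "%s%s", PATH_DATA, YOW_FILE)` in the `#ifdef` branch is still unbounded; both look like build-time constants, so the exposure is presumably low, but `snprintf(file, sizeof(file), ...)` would make the whole function consistent. `main` continues past the end of this hunk, so how `file` is used afterwards is not visible here.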