volk_prefs: fix buffer overflows in config path and preferences #17
Open
mtibbits wants to merge 1 commit into
Path construction in volk_get_config_path() used strncpy/strcat pairs that could overflow when environment variables (VOLK_CONFIGPATH, HOME, APPDATA) exceeded 495 characters. Replace with snprintf using an explicit size constant. Also add width limits to sscanf in volk_load_preferences() to prevent config file tokens from overflowing the 128-byte volk_arch_pref_t fields.

Fixes #14

Signed-off-by: Matthew Tibbits <894144+mtibbits@users.noreply.github.com>
Depends on #11

Config path construction in volk_get_config_path() used strncpy/strcat pairs that can overflow when environment variables (VOLK_CONFIGPATH, HOME, APPDATA) exceed 495 characters. volk_load_preferences() reads config tokens with sscanf without width limits, overflowing the 128-byte volk_arch_pref_t fields on crafted config files.

Replace strncpy/strcat with snprintf using an explicit size constant (1024, matching all existing callers). Add %127s width limits to sscanf. Upsize the local path buffer in volk_load_preferences to match.

The /etc path block is unchanged — its source is a 4-char literal that cannot overflow.

Fixes #14
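
An added example, not code from this pull request or from the project: the two patterns the description names, a bounded snprintf join with a truncation check and a %127s field read. It goes one step further than the description by rejecting an over-long token instead of letting sscanf split it across fields. The function names, struct and sample inputs are hypothetical; only the 1024 and 128 sizes come from the description.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define PATH_BUF_SIZE 1024 /* size constant named in the PR description */
#define FIELD_SIZE 128     /* field size named in the PR description */
/* Hypothetical stand-in for a record with three 128-byte fields. */
struct pref_entry {
    char name[FIELD_SIZE], impl_a[FIELD_SIZE], impl_u[FIELD_SIZE];
};

/* Join base + suffix. Returns 0 on success, -1 if base is NULL or the
 * result does not fit; on failure out holds an empty string. */
int join_config_path(char *out, size_t out_size, const char *base, const char *suffix)
{
    if (out_size == 0) return -1;
    out[0] = '\0';
    if (base == NULL) return -1;
    int n = snprintf(out, out_size, "%s%s", base, suffix);
    if (n < 0 || (size_t)n >= out_size) { /* would have been truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Parse "name impl_a impl_u". %127s writes at most 127 chars plus the NUL.
 * Returns 0 on success, -1 on a missing or over-long token. */
int parse_pref_line(const char *line, struct pref_entry *e)
{
    char *dst[3] = { e->name, e->impl_a, e->impl_u };
    const char *p = line;
    for (int i = 0; i < 3; i++) {
        int used = 0;
        if (sscanf(p, "%127s%n", dst[i], &used) != 1) return -1;
        p += used;
        /* A token cut at 127 chars is followed by more non-space input. */
        if (*p != '\0' && !isspace((unsigned char)*p)) return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF_SIZE];
    struct pref_entry e;
    /* Constructed inputs, not taken from the project. */
    int a = join_config_path(path, sizeof path, "/home/user", "/example/config");
    printf("%d %d\n", a, parse_pref_line("kernel_a generic sse", &e));
}
```

Checking snprintf's return value matters because a silently truncated path can point at a different file than the one intended.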