mirror of
https://git.jabber.space/devs/cproof.git
synced 2026-07-19 18:46:21 +00:00
fgets: buffer size
This commit is contained in:
@@ -230,9 +230,12 @@ accounts_get_account(const char * const name)
|
||||
// Evaluate as shell command to retrieve password
|
||||
if (eval_password != NULL) {
|
||||
FILE *stream = popen(eval_password, "r");
|
||||
// Limit to 100 bytes to prevent overflows in the case of a poorly chosen command
|
||||
password = g_malloc(100);
|
||||
password = fgets(password, 100, stream);
|
||||
// Limit to READ_BUF_SIZE bytes to prevent overflows in the case of a poorly chosen command
|
||||
password = g_malloc(READ_BUF_SIZE);
|
||||
gchar *result = fgets(password, READ_BUF_SIZE, stream);
|
||||
if (result != NULL) {
|
||||
password = result;
|
||||
}
|
||||
}
|
||||
gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user