From: Peter Howkins <flibble@users.sf.net>
Date: Sun, 29 Apr 2018 01:11:23 +0000 (+0100)
Subject: dtsession: A few extra snprintf's for buffer safety
X-Git-Tag: 2.2.4a~49
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f2c6a48d7214f182a05a90d3b26fe6c8a28a6ca7;p=oweals%2Fcde.git

dtsession: A few extra snprintf's for buffer safety
---

diff --git a/cde/programs/dtsession/SmGlobals.c b/cde/programs/dtsession/SmGlobals.c
index dad30b18..c4060558 100644
--- a/cde/programs/dtsession/SmGlobals.c
+++ b/cde/programs/dtsession/SmGlobals.c
@@ -1106,7 +1106,7 @@ SetSavePath(
 	     * runs a Current session and saves the session.
 	     */
 	    strcpy (savedDir, smGD.clientPath);
-            sprintf(smGD.etcPath, "%s.%s", smGD.clientPath, SM_OLD_EXTENSION);
+            snprintf(smGD.etcPath, sizeof(smGD.etcPath), "%s.%s", smGD.clientPath, SM_OLD_EXTENSION);
             status = stat(smGD.etcPath, &buf);
             if(status == 0)
 	    {
@@ -1180,7 +1180,7 @@ SetSavePath(
 	     */
 	    char 		* tmpName;
 
-            sprintf(smGD.etcPath, "%s.%s", smGD.clientPath, SM_OLD_EXTENSION);
+            snprintf(smGD.etcPath, sizeof(smGD.etcPath), "%s.%s", smGD.clientPath, SM_OLD_EXTENSION);
             status = stat(smGD.etcPath, &buf);
             if(status == 0)
 	    {
@@ -1189,7 +1189,7 @@ SetSavePath(
               len = strlen(smGD.savePath) + strlen(smGD.restoreSession) 
                 + strlen("XXXXXX") + 3;
               tmpName = (char *) XtCalloc(1, len);
-              sprintf(tmpName, "%s/%s.XXXXXX", smGD.savePath, 
+              snprintf(tmpName, len, "%s/%s.XXXXXX", smGD.savePath, 
                       smGD.restoreSession);
 
               strcpy (savedOldDir, smGD.etcPath);
@@ -1702,7 +1702,7 @@ TrimErrorlog( void )
      */
     if (len + strlen(DtERRORLOG_FILE) > MAXPATHLEN)
       checkPath1 = SM_REALLOC(savePath, len + strlen(DtERRORLOG_FILE));
-    sprintf(checkPath1, "%s/%s", savePath, DtERRORLOG_FILE);
+    snprintf(checkPath1, len + strlen(DtERRORLOG_FILE), "%s/%s", savePath, DtERRORLOG_FILE);
 
     status = stat(checkPath1, &buf);
     if((status != -1) && (buf.st_size > 0))
diff --git a/cde/programs/dtsession/SmRestore.c b/cde/programs/dtsession/SmRestore.c
index cd84590f..011b3765 100644
--- a/cde/programs/dtsession/SmRestore.c
+++ b/cde/programs/dtsession/SmRestore.c
@@ -3512,7 +3512,7 @@ StartClient(
               {
                 int slen = strlen(tstr) + 1;
                 defaultCwd = XtCalloc(1, slen);
-                strncpy(defaultCwd, tstr, slen - 1);
+                snprintf(defaultCwd, slen, "%s", tstr);
               }
             else
               defaultCwd = getcwd (NULL, MAXPATHLEN + 1);
diff --git a/cde/programs/dtsession/SmXSMP.c b/cde/programs/dtsession/SmXSMP.c
index 402b25f8..cc7b14fe 100644
--- a/cde/programs/dtsession/SmXSMP.c
+++ b/cde/programs/dtsession/SmXSMP.c
@@ -238,10 +238,10 @@ Boolean InitXSMP ( )
 	if (!env) {
 		free (networkIds);
 		PostXSMPFailureDialog (XSMP_FAILURE_MALLOC, False);
+	} else {
+		(void) sprintf (env, "%s=%s", SM_SESSION_MANAGER, networkIds);
+		(void) putenv (env);
 	}
-	
-	(void) sprintf (env, "%s=%s", SM_SESSION_MANAGER, networkIds);
-	(void) putenv (env);
 
 	PutSessionManagerOnRootWindow (networkIds);