fixed a potential security flaw
authorAnselm R. Garbe <arg@suckless.org>
Thu, 10 May 2007 11:47:44 +0000 (13:47 +0200)
committerAnselm R. Garbe <arg@suckless.org>
Thu, 10 May 2007 11:47:44 +0000 (13:47 +0200)
client.c

index 03d158f..64da343 100644 (file)
--- a/client.c
+++ b/client.c
@@ -365,16 +365,18 @@ updatetitle(Client *c) {
                XGetWMName(dpy, c->win, &name);
        if(!name.nitems)
                return;
-       if(name.encoding == XA_STRING)
-               strncpy(c->name, (char *)name.value, sizeof c->name);
+       if(name.encoding == XA_STRING) {
+               strncpy(c->name, (char *)name.value, sizeof c->name - 1);
+       }
        else {
                if(XmbTextPropertyToTextList(dpy, &name, &list, &n) >= Success
                && n > 0 && *list)
                {
-                       strncpy(c->name, *list, sizeof c->name);
+                       strncpy(c->name, *list, sizeof c->name - 1);
                        XFreeStringList(list);
                }
        }
+       c->name[sizeof c->name - 1] = '\0';
        XFree(name.value);
 }