Re: [dev] Re: [st] [PATCH] Avoid buffer overflows in the case of key-mapped strings.

From: Mark Edgar <medgar123_AT_gmail.com>
Date: Mon, 7 Oct 2013 22:30:07 +0200

On Mon, Oct 7, 2013 at 9:17 PM, Roberto E. Vargas Caballero
<k0ga_AT_shike2.com> wrote:
> mk->s is a string that is assigned in config.h, so I don't think we
> should check against NULL, because the only way it becomes NULL is
> a stupid user who puts a NULL in it, and in this case let the luser
> get a good BOOOOOM!

The other way it is NULL is if the user leaves the string out
completely, in which case it will default-initialize to NULL. Maybe
this is why .s was originally a char array instead of a pointer?

But thinking a bit more, if the button and mask match, then st should
at least stop searching in mshortcuts[]:

  for(mk = mshortcuts; mk < mshortcuts + LEN(mshortcuts); mk++) {
  if(e->xbutton.button == mk->b
  && match(mk->mask, e->xbutton.state)) {
- ttysend(mk->s, strlen(mk->s));
+ if(mk->s)
+ ttysend(mk->s, strlen(mk->s));
  return;
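
Review bot: The `if(mk->s)` guard in front of `ttysend()` makes a matched entry with no string return silently, so a button press bound to an incomplete mshortcuts[] entry is consumed with no output and no hint that the configuration is wrong. If the guard is kept, a short comment at that line saying a NULL `mk->s` means "matched, nothing to send" would make the early `return` read as intended rather than accidental, and a note in config.h that `.s` must be set would address the case at its source.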

You're right though: given that this is a bad configuration, this
check isn't that important.

     -Mark
Received on Mon Oct 07 2013 - 22:30:07 CEST
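
The default-initialization case described in the message above, as an added example that is not part of the original post or of st's source. The `Mousekey` layout, the sample table, the equality test standing in for `match()`, and the helpers `lookup_len()` and `first_missing_string()` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Assumed stand-in for the shortcut entry; field names follow the hunk. */
typedef struct {
	unsigned int b;
	unsigned int mask;
	const char *s;
} Mousekey;

/* Constructed sample table: the second entry leaves .s out entirely. */
static const Mousekey mshortcuts[] = {
	{ 4, 0, "\031" },
	{ 5, 0 },	/* missing initializer: .s becomes a null pointer */
};

/* Hypothetical helper: bytes that would be sent for a press, 0 for a
 * matched entry without a string, -1 when nothing matches. Plain
 * equality replaces st's match() here to keep the example small. */
static long lookup_len(unsigned int button, unsigned int state)
{
	const Mousekey *mk;

	for (mk = mshortcuts; mk < mshortcuts + LEN(mshortcuts); mk++) {
		if (button == mk->b && state == mk->mask) {
			if (mk->s == NULL)	/* strlen(NULL) would be undefined */
				return 0;
			return (long)strlen(mk->s);
		}
	}
	return -1;
}

/* Hypothetical startup check: index of the first entry without a
 * string, or -1 if every entry has one. */
static int first_missing_string(void)
{
	size_t i;

	for (i = 0; i < LEN(mshortcuts); i++)
		if (mshortcuts[i].s == NULL)
			return (int)i;
	return -1;
}

int main(void)
{
	printf("first entry without .s: %d\n", first_missing_string());
	return 0;
}
```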
