fixed strlen-bomb in run_command

Aaron Marcher info@nulltime.net

Mon, 15 Aug 2016 12:59:45 +0200

commit

df928892e8dd689416cab464cc05284997c0c188

parent

086a70cde0a887a55d5554109e483c19bc6ad8c2

1 files changed, 10 insertions(+), 1 deletions(-)

jump to

slstatus.c

M slstatus.c → slstatus.c

@@ -453,6 +453,7 @@ /* custom shell command */
 char *
 run_command(const char* command)
 {
+    int good;
 	FILE *fp;
 	char buffer[64];
 
@@ -469,7 +470,15 @@ /* close it again */
 	pclose(fp);
 
     /* add nullchar at the end */
-	buffer[strlen(buffer) - 1] = '\0';
+    for (int i = 0 ; i != sizeof(buffer) ; i++) {
+        if (buffer[i] == '\0') {
+            good = 1;
+            break;
+        }
+    }
+    if (good) {
+        buffer[strlen(buffer) - 1] = '\0';
+    }
 
     /* return the output */
 	return smprintf("%s", buffer);

all repos — slstatus @ df928892e8dd689416cab464cc05284997c0c188

my build of slstatus (tools.suckless.org/slstatus/)