CID 22567: Copy into fixed size buffer (STRING_OVERFLOW)

bsdstring replacements, again
2015-10-30 11:09:28 +01:00 · 2015-10-30 11:09:28 +01:00 · b8d7fa5bcc
parent 51f66b8da8
commit b8d7fa5bcc
1 changed files with 5 additions and 4 deletions
--- a/src/names.c
+++ b/src/names.c
@ -357,6 +357,7 @@ static const char *dracoid_name(const unit * u)
 {
    static char name[NAMESIZE + 1]; // FIXME: static return value
    int mid_syllabels;
+    size_t sz;

    /* ignore u */
    u = 0;
@ -364,14 +365,14 @@ static const char *dracoid_name(const unit * u)

    mid_syllabels = rng_int() % 4;

-    strcpy(name, drac_pre[rng_int() % DRAC_PRE]);
+    sz = strlcpy(name, drac_pre[rng_int() % DRAC_PRE], sizeof(name));
    while (mid_syllabels > 0) {
        mid_syllabels--;
        if (rng_int() % 10 < 4)
-            strcat(name, "'");
-        strcat(name, drac_mid[rng_int() % DRAC_MID]);
+            strlcat(name, "'", sizeof(name));
+        sz += strlcat(name, drac_mid[rng_int() % DRAC_MID], sizeof(name));
    }
-    strcat(name, drac_suf[rng_int() % DRAC_SUF]);
+    sz += strlcat(name, drac_suf[rng_int() % DRAC_SUF], sizeof(name));
    return name;
 }