about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorPeter Vilim <peterlvilim@users.noreply.github.com>2015-01-07 21:37:35 -0600
committerPeter Vilim <peterlvilim@users.noreply.github.com>2015-01-07 21:37:35 -0600
commit0cb548683c906eb7e48ddfccde4b95f671dea5fc (patch)
tree0dce7c2d92fd90111e4cf0beb0b5d232094b2772
parentb298994ce755d4ddc0c7de882c989e58806c212d (diff)
downloadprofani-tty-0cb548683c906eb7e48ddfccde4b95f671dea5fc.tar.gz
fgets: buffer size
-rw-r--r--src/common.c3
-rw-r--r--src/common.h5
-rw-r--r--src/config/accounts.c9
3 files changed, 11 insertions, 6 deletions
diff --git a/src/common.c b/src/common.c
index 8b0f186f..ffd12899 100644
--- a/src/common.c
+++ b/src/common.c
@@ -50,9 +50,6 @@
 #include "log.h"
 #include "common.h"
 
-// assume malloc stores at most 8 bytes for size of allocated memory
-// and page size is at least 4KB
-#define READ_BUF_SIZE 4088
 
 struct curl_data_t
 {
diff --git a/src/common.h b/src/common.h
index 6497e666..55451dea 100644
--- a/src/common.h
+++ b/src/common.h
@@ -59,6 +59,11 @@
 
 #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
 
+// assume malloc stores at most 8 bytes for size of allocated memory
+// and page size is at least 4KB
+#define READ_BUF_SIZE 4088
+
+
 #define FREE_SET_NULL(resource) \
 do { \
     free(resource); \
diff --git a/src/config/accounts.c b/src/config/accounts.c
index 784651ad..2e7092a5 100644
--- a/src/config/accounts.c
+++ b/src/config/accounts.c
@@ -230,9 +230,12 @@ accounts_get_account(const char * const name)
         // Evaluate as shell command to retrieve password
         if (eval_password != NULL) {
             FILE *stream = popen(eval_password, "r");
-            // Limit to 100 bytes to prevent overflows in the case of a poorly chosen command
-            password = g_malloc(100);
-            password = fgets(password, 100, stream);
+            // Limit to READ_BUF_SIZE bytes to prevent overflows in the case of a poorly chosen command
+            password = g_malloc(READ_BUF_SIZE);
+            gchar *result = fgets(password, READ_BUF_SIZE, stream);
+            if (result != NULL) {
+                password = result;
+            }
         }
         gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL);