diff options
| -rw-r--r-- | src/common.c | 3 | ||||
| -rw-r--r-- | src/common.h | 5 | ||||
| -rw-r--r-- | src/config/accounts.c | 9 |
3 files changed, 11 insertions, 6 deletions
diff --git a/src/common.c b/src/common.c index 8b0f186f..ffd12899 100644 --- a/src/common.c +++ b/src/common.c @@ -50,9 +50,6 @@ #include "log.h" #include "common.h" -// assume malloc stores at most 8 bytes for size of allocated memory -// and page size is at least 4KB -#define READ_BUF_SIZE 4088 struct curl_data_t { diff --git a/src/common.h b/src/common.h index 6497e666..55451dea 100644 --- a/src/common.h +++ b/src/common.h @@ -59,6 +59,11 @@ #define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0])) +// assume malloc stores at most 8 bytes for size of allocated memory +// and page size is at least 4KB +#define READ_BUF_SIZE 4088 + + #define FREE_SET_NULL(resource) \ do { \ free(resource); \ diff --git a/src/config/accounts.c b/src/config/accounts.c index 784651ad..2e7092a5 100644 --- a/src/config/accounts.c +++ b/src/config/accounts.c @@ -230,9 +230,12 @@ accounts_get_account(const char * const name) // Evaluate as shell command to retrieve password if (eval_password != NULL) { FILE *stream = popen(eval_password, "r"); - // Limit to 100 bytes to prevent overflows in the case of a poorly chosen command - password = g_malloc(100); - password = fgets(password, 100, stream); + // Limit to READ_BUF_SIZE bytes to prevent overflows in the case of a poorly chosen command + password = g_malloc(READ_BUF_SIZE); + gchar *result = fgets(password, READ_BUF_SIZE, stream); + if (result != NULL) { + password = result; + } } gboolean enabled = g_key_file_get_boolean(accounts, name, "enabled", NULL); |