From: Thadeu Lima de Souza Cascardo <cascardo@cascardo.info>
Date: Thu, 17 Oct 2013 21:13:07 +0000 (-0300)
Subject: Guarantee command buffer is a string.
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Ff2fchat.git;a=commitdiff_plain;h=985ac6d68d47c3701e8fdc8e42305effd4887498

Guarantee command buffer is a string.

We receive a command from the network and, thus, need to validate it's a
proper string.
---

diff --git a/message.c b/message.c
index 2074549..1d6c22e 100644
--- a/message.c
+++ b/message.c
@@ -38,6 +38,8 @@ static void command(char *buffer, size_t len, GSocketAddress *address)
 {
 	gchar **args;
 	args = g_strsplit(buffer, " ", -1);
+	if (args == NULL)
+		return;
 	menu_run(args, address);
 	g_strfreev(args);
 }
@@ -55,8 +57,9 @@ gboolean message_incoming(GIOChannel *channel, GIOCondition cond, gpointer data)
 	if (len <= 0) {
 		goto out;
 	}
-	buffer = g_malloc(len);
+	buffer = g_malloc(len + 1);
 	len = g_socket_receive_from(gusock, &address, buffer, len, NULL, NULL);
+	buffer[len] = 0;
 	iaddress = g_inet_socket_address_get_address(G_INET_SOCKET_ADDRESS(address));
 	if (g_inet_address_get_is_loopback(iaddress)) {
 		command(buffer, len, address);