From 985ac6d68d47c3701e8fdc8e42305effd4887498 Mon Sep 17 00:00:00 2001 From: Thadeu Lima de Souza Cascardo Date: Thu, 17 Oct 2013 18:13:07 -0300 Subject: [PATCH] Guarantee command buffer is a string. We receive a command from the network and, thus, need to validate it's a proper string. --- message.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/message.c b/message.c index 2074549..1d6c22e 100644 --- a/message.c +++ b/message.c @@ -38,6 +38,8 @@ static void command(char *buffer, size_t len, GSocketAddress *address) { gchar **args; args = g_strsplit(buffer, " ", -1); + if (args == NULL) + return; menu_run(args, address); g_strfreev(args); } @@ -55,8 +57,9 @@ gboolean message_incoming(GIOChannel *channel, GIOCondition cond, gpointer data) if (len <= 0) { goto out; } - buffer = g_malloc(len); + buffer = g_malloc(len + 1); len = g_socket_receive_from(gusock, &address, buffer, len, NULL, NULL); + buffer[len] = 0; iaddress = g_inet_socket_address_get_address(G_INET_SOCKET_ADDRESS(address)); if (g_inet_address_get_is_loopback(iaddress)) { command(buffer, len, address); -- 2.20.1