Added strncpy safety and changed some sizes of struct members

author: Antony Kellermann 2018-08-25 09:47:00 -0400
committer: Antony Kellermann 2018-08-25 09:47:00 -0400
commit: b231f8f4e4bcce0cd19b8ff48273572085b9d510 (patch)
tree: 487a27b621bb961cba459f8b82adfd6aeb8cd9f9
parent: 100e2d371788a03b8db3eca0f7f8c284d3b91b03 (diff)
download: aur-b231f8f4e4bcce0cd19b8ff48273572085b9d510.tar.gz
2 files changed, 13 insertions, 7 deletions
diff --git a/api.c b/api.c
index 49f85bc7583c..40454c2c822a 100644
--- a/api.c
+++ b/api.c
@@ -281,7 +281,9 @@ void* coinmarketcap_store_info(void* vpInfo) {
 
     Json* jobj = json_tokener_parse(pString->data);
     Json* data = json_object_array_get_idx(jobj, 0);
-    strcpy(symbol_info->name, json_object_get_string(json_object_object_get(data, "name")));
+    strncpy(symbol_info->name, json_object_get_string(json_object_object_get(data, "name")),
+            NAME_MAX_LENGTH - 1);
+    symbol_info->name[NAME_MAX_LENGTH - 1] = '\0';
     strcpy(symbol_info->symbol, json_object_get_string(json_object_object_get(data, "symbol")));
     symbol_info->price = strtod(json_object_get_string(json_object_object_get(data, "price_usd")), NULL);
     symbol_info->price_last_close = symbol_info->price /
@@ -420,7 +422,9 @@ Ref_Data* iex_get_valid_symbols(void) {
         idx = json_object_array_get_idx(jobj, i);
         strcpy(pRef_Data->symbols[i], json_object_get_string(json_object_object_get(idx,
                 "symbol")));
-        strcpy(pRef_Data->names[i], json_object_get_string(json_object_object_get(idx, "name")));
+        strncpy(pRef_Data->names[i], json_object_get_string(json_object_object_get(idx, "name")),
+                NAME_MAX_LENGTH -1);
+        pRef_Data->names[i][NAME_MAX_LENGTH - 1] = '\0';
     }
 
     json_object_put(jobj);
@@ -514,8 +518,10 @@ void info_store_company_from_json(Info* pInfo, const Json* jcompany) {
 
     if (jsymbol != NULL)
         strcpy(pInfo->symbol, json_object_get_string(jsymbol));
-    if (jname != NULL)
-        strcpy(pInfo->name, json_object_get_string(jname));
+    if (jname != NULL) {
+        strncpy(pInfo->name, json_object_get_string(jname), NAME_MAX_LENGTH - 1);
+        pInfo->name[NAME_MAX_LENGTH -1] = '\0';
+    }
     if (jindustry != NULL)
         strcpy(pInfo->industry, json_object_get_string(jindustry));
     if (jwebsite != NULL)
diff --git a/api.h b/api.h
index c8f89483b606..72a250d892c8 100644
--- a/api.h
+++ b/api.h
@@ -60,10 +60,10 @@ struct info {
     /* Company */
     char symbol[SYMBOL_MAX_LENGTH];     // ex. AAPL
     char name[NAME_MAX_LENGTH];         // ex. Apple Inc.
-    char industry[INFO_TEXT_MAX];       // ex. Computer Hardware
+    char industry[NAME_MAX_LENGTH];       // ex. Computer Hardware
     char website[URL_MAX_LENGTH];       // ex. apple.com
     char description[INFO_TEXT_MAX];    // Paragraph description of company
-    char ceo[INFO_TEXT_MAX];            // ex. Timothy D. Cook
+    char ceo[NAME_MAX_LENGTH];            // ex. Timothy D. Cook
     char issue_type[3];                 /* ad – American Depository Receipt (ADR’s)
                                            re – Real Estate Investment Trust (REIT’s)
                                            ce – Closed end fund (Stock and Bond Fund)
@@ -74,7 +74,7 @@ struct info {
                                            (blank) = Not Available, i.e., Warrant, Note, or (non-filing)
                                            Closed Ended Funds
                                         */
-    char sector[INFO_TEXT_MAX];         // ex. Technology
+    char sector[NAME_MAX_LENGTH];         // ex. Technology
 
     /* Quote */
     int64_t intraday_time;              // Unix timestamp of current price
author	Antony Kellermann	2018-08-25 09:47:00 -0400
committer	Antony Kellermann	2018-08-25 09:47:00 -0400
commit	b231f8f4e4bcce0cd19b8ff48273572085b9d510 (patch)
tree	487a27b621bb961cba459f8b82adfd6aeb8cd9f9
parent	100e2d371788a03b8db3eca0f7f8c284d3b91b03 (diff)
download	aur-b231f8f4e4bcce0cd19b8ff48273572085b9d510.tar.gz