mirror of
https://github.com/DreamMaoMao/maomaowm.git
synced 2026-05-02 06:46:29 -04:00
5597a5ab80
Closes security vulnerabilities and documentation gaps: 1. Remove shell expansion from config-driven exec/exec-once - Eliminate wordexp() usage in spawn() - Add split_argv_noexpand() for safe argument parsing - Change run_exec() and run_exec_once() to use spawn() instead of spawn_shell() - Prevents shell injection and expansion-based DoS 2. Fix null-termination in chvt_backup_selmon - Add explicit null-terminator after strncpy() in chvt() - Prevents out-of-bounds read when used in regex_match() 3. Add regression test - New test_chvt_backup_selmon unit test to verify null-termination logic - Integrate tests into meson.build 4. Translate Chinese comments to English - Update IMPLEMENTATION_SUMMARY.md to remove Chinese text - Improves accessibility for international contributors 5. Update documentation - Update REVIEW_FINDINGS.md with English versions of examples - Remove wordexp include from meson.c headers (no longer needed)
29 lines
512 B
C
29 lines
512 B
C
#include <string.h>
|
|
|
|
static void copy_monitor_name(char *dst, size_t dst_size, const char *src) {
|
|
if (!dst || dst_size == 0)
|
|
return;
|
|
if (!src) {
|
|
dst[0] = '\0';
|
|
return;
|
|
}
|
|
strncpy(dst, src, dst_size - 1);
|
|
dst[dst_size - 1] = '\0';
|
|
}
|
|
|
|
int main(void) {
|
|
char buf[32];
|
|
char src[64];
|
|
|
|
memset(src, 'A', sizeof(src) - 1);
|
|
src[sizeof(src) - 1] = '\0';
|
|
|
|
copy_monitor_name(buf, sizeof(buf), src);
|
|
|
|
if (buf[sizeof(buf) - 1] != '\0')
|
|
return 1;
|
|
if (strlen(buf) != sizeof(buf) - 1)
|
|
return 2;
|
|
|
|
return 0;
|
|
}
|