vm-file-editor: fix potential buffer overflow

If we're being sent something without a zero byte, we could happily read off the end of the buffer. Interestingly, the write part was checking for the max bound.
2013-12-29 07:06:26 -05:00 · 2013-12-29 07:06:26 -05:00 · 11b8f9be20
commit 11b8f9be20
parent c9a25b8915
1 changed files with 2 additions and 1 deletions
--- a/qubes-rpc/vm-file-editor.c
+++ b/qubes-rpc/vm-file-editor.c
@ -28,11 +28,12 @@ char *get_filename()
 	int i;
 	if (!read_all(0, buf, sizeof(buf)))
 		exit(1);
+	buf[DVM_FILENAME_SIZE-1] = 0;
 	if (index(buf, '/')) {
 		fprintf(stderr, "filename contains /");
 		exit(1);
 	}
-	for (i=0; i < DVM_FILENAME_SIZE && buf[i]!=0; i++) {
+	for (i=0; buf[i]!=0; i++) {
 		// replace some characters with _ (eg mimeopen have problems with some of them)
 		if (index(" !?\"#$%^&*()[]<>;`~", buf[i]))
 			buf[i]='_';