fixed a potential buffer overflow bug on the stack (thanks to Ghassan Misherg)

[slock.git] / slock.c

diff --git a/slock.c b/slock.c
index aafc7c0a765bfb3504e4908c931fb9cff9adbb47..94cb26ba61c3fa76a6ab448c99ea097cd87bcdaa 100644 (file)
--- a/slock.c
+++ b/slock.c
@@ -1,4 +1,4 @@
-/* (C)opyright MMIV-MMV Anselm R. Garbe <garbeam at gmail dot com>
+/* (C)opyright MMVI-MMVII Anselm R. Garbe <garbeam at gmail dot com>
  * See LICENSE file for license details.
  */
 #define _XOPEN_SOURCE 500
@@ -122,7 +122,7 @@ main(int argc, char **argv) {
                                        --len;
                                break;
                        default:
-                               if(num && !iscntrl((int) buf[0])) {
+                               if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { 
                                        memcpy(passwd + len, buf, num);
                                        len += num;
                                }