ZynAddSubFX: fixed possible buffer overflow

bankdir could be overflowed in the strncat function since the length limit is not correctly specified. Closes #3510466.
2012-05-20 18:55:30 +02:00
parent 02db2fbd2f
commit 8b66dfc860
1 changed files with 2 additions and 2 deletions
--- a/plugins/zynaddsubfx/src/Misc/Bank.cpp
+++ b/plugins/zynaddsubfx/src/Misc/Bank.cpp
@@ -337,9 +337,9 @@ int Bank::newbank(const char *newbankdirname)

    if(((bankdir[strlen(bankdir) - 1]) != '/')
       && ((bankdir[strlen(bankdir) - 1]) != '\\'))
-        strncat(bankdir, "/", MAX_STRING_SIZE);
+        strncat(bankdir, "/", MAX_STRING_SIZE - strlen(bankdir) - 1 );
    ;
-    strncat(bankdir, newbankdirname, MAX_STRING_SIZE);
+    strncat(bankdir, newbankdirname, MAX_STRING_SIZE - strlen(bankdir) - 1);
 #ifdef OS_WINDOWS
    result = mkdir(bankdir);
 #else