git.strcat.st

/strcat/minitox.git/ - summarytreelogarchive

subject
clamp group peer names and use snprintf for prompts
commit
8fd94c1eb67ca0655f8ff7e90612e568fe79bf71
date
2026-04-18T16:47:48Z
message


diff
 minitox.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/minitox.c b/minitox.c
index 963a5c3..cd8a85f 100644
--- a/minitox.c
+++ b/minitox.c
@@ -408,7 +408,7 @@ void setup_arepl(void) {
     async_repl->line = malloc(LINE_MAX_SIZE);
     async_repl->prompt = malloc(LINE_MAX_SIZE);
 
-    strcpy(async_repl->prompt, CMD_PROMPT);
+    snprintf(async_repl->prompt, async_repl->sz, "%s", CMD_PROMPT);
 
     // stdin and stdout may share the same file obj,
     // reopen stdin to avoid accidentally getting stdout modified.
@@ -641,7 +641,7 @@ void friend_name_cb(Tox *tox, uint32_t friend_num, const uint8_t *name, size_t l
         sprintf(f->name, "%.*s", (int)length, (char*)name);
         if (GEN_INDEX(friend_num, TALK_TYPE_FRIEND) == TalkingTo) {
             INFO("* Opposite changed name to %.*s", (int)length, (char*)name)
-            sprintf(async_repl->prompt, FRIEND_TALK_PROMPT, f->name);
+            snprintf(async_repl->prompt, async_repl->sz, FRIEND_TALK_PROMPT, f->name);
         }
     }
 }
@@ -715,7 +715,7 @@ void group_title_cb(Tox *tox, uint32_t group_num, uint32_t peer_number, const ui
         sprintf(cf->title, "%.*s", (int)length, (char*)title);
         if (GEN_INDEX(group_num, TALK_TYPE_GROUP) == TalkingTo) {
             INFO("* Group title changed to %s", cf->title);
-            sprintf(async_repl->prompt, GROUP_TALK_PROMPT, cf->title);
+            snprintf(async_repl->prompt, async_repl->sz, GROUP_TALK_PROMPT, cf->title);
         }
     }
 }
@@ -783,7 +783,12 @@ void group_peer_name_cb(Tox *tox, uint32_t group_num, uint32_t peer_num, const u
     }
 
     struct GroupPeer *p = &cf->peers[peer_num];
-    sprintf(p->name, "%.*s", (int)length, (char*)name);
+    size_t name_len = length;
+    if (name_len > TOX_MAX_NAME_LENGTH) {
+        name_len = TOX_MAX_NAME_LENGTH;
+    }
+    memcpy(p->name, name, name_len);
+    p->name[name_len] = '\0';
 }
 
 
@@ -1085,7 +1090,7 @@ void command_save(int narg, char **args) {
 void command_go(int narg, char **args) {
     if (narg == 0) {
         TalkingTo = TALK_TYPE_NULL;
-        strcpy(async_repl->prompt, CMD_PROMPT);
+        snprintf(async_repl->prompt, async_repl->sz, "%s", CMD_PROMPT);
         return;
     }
     uint32_t contact_idx;
@@ -1096,7 +1101,7 @@ void command_go(int narg, char **args) {
             struct Friend *f = getfriend(num);
             if (f) {
                 TalkingTo = contact_idx;
-                sprintf(async_repl->prompt, FRIEND_TALK_PROMPT, f->name);
+                snprintf(async_repl->prompt, async_repl->sz, FRIEND_TALK_PROMPT, f->name);
                 return;
             }
             break;
@@ -1105,7 +1110,7 @@ void command_go(int narg, char **args) {
             struct Group *cf = getgroup(num);
             if (cf) {
                 TalkingTo = contact_idx;
-                sprintf(async_repl->prompt, GROUP_TALK_PROMPT, cf->title);
+                snprintf(async_repl->prompt, async_repl->sz, GROUP_TALK_PROMPT, cf->title);
                 return;
             }
             break;