From c9891297216d595885f30300bfde65c90957912b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rafa=C5=82=20D=C5=82ugo=C5=82=C4=99cki?=
 <kontakt@dlugolecki.net.pl>
Date: Wed, 10 Jul 2013 16:28:25 +0200
Subject: [PATCH] Fixed possible buffer overflows. Moved config_init past
 checking if config file exists.

---
 src/kernel/kernel.cpp | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/kernel/kernel.cpp b/src/kernel/kernel.cpp
index 7e83ebc..1de50af 100644
--- a/src/kernel/kernel.cpp
+++ b/src/kernel/kernel.cpp
@@ -297,8 +297,6 @@ void QKernel::LoadConfig(char * fname)
   config_t cfg;
   const char *str;
 
-  config_init(&cfg);
-  
   /* Hack for checking if file exists without using external libs.*/
   FILE * file = fopen(fname, "r");
   if (!file) {
@@ -308,6 +306,8 @@ void QKernel::LoadConfig(char * fname)
   /* File exists, so file has been locked. Release it. */
   fclose(file);
   
+  config_init(&cfg);
+  
   /* Read the file. If there is an error, report it and exit. */
   if(!config_read_file(&cfg, fname)) 
   {
@@ -332,23 +332,21 @@ void QKernel::LoadConfig(char * fname)
   
   
   if(config_lookup_string(&cfg, "host", &str)) {
-    char host[255];
-    strcpy(host, str);//FIXME: buffer overflow
-    ConnectList.append(new ConnectEntry(host));
+    ConnectList.append(new ConnectEntry((char*)str));
   }
   else {
     AppConfiguration::error(&cfg);
   }
   
   if(config_lookup_string(&cfg, "progdir", &str)){
-    strcpy(progdir, str);//FIXME: buffer overflow
+    strncpy(progdir, str, 256);
   }
   else {
     AppConfiguration::error(&cfg);
   }
   
   if(config_lookup_string(&cfg, "homedir", &str)){
-    strcpy(HomeDir, str);//FIXME: buffer overflow
+    strncpy(HomeDir, str, 255);
   }
   else {
     AppConfiguration::error(&cfg);
-- 
2.30.2