Smartling / ios-i18n

The ios-i18n library provides seamless integration of plurals into iOS 6 apps.
http://www.smartling.com
Apache License 2.0

replace strcat with strlcat #31

Open redwud opened 7 years ago

redwud commented 7 years ago

Hi there,

To prevent future buffer overflows, I think it would be best to use strlcat() instead of strcat(). Reference: https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strcpy-and-strcat

Thanks!

redwud commented 7 years ago
diff --git a/Smartling.i18n/NSBundle+Smartling_i18n.m b/Smartling.i18n/NSBundle+Smartling_i18n.m
index 74a5cf0..b63fb62 100644
--- a/Smartling.i18n/NSBundle+Smartling_i18n.m
+++ b/Smartling.i18n/NSBundle+Smartling_i18n.m
@@ -79,8 +79,8 @@ - (NSString *)_pluralizedStringWithKey:(NSString *)key

  const char* form = pluralformf([lang cStringUsingEncoding:NSASCIIStringEncoding], pluralValue);
  char suffix[16] = "##{";
- strcat(suffix, form);
- strcat(suffix, "}");
+ strlcat(suffix, form, sizeof(suffix));
+ strlcat(suffix, "}", sizeof(suffix));
  NSString *keyVariant = [key stringByAppendingString:[NSString stringWithUTF8String:suffix]];
  NSDictionary *dict = [self stringsWithContentsOfFile:tableName forLocalization:locale];
  NSString *ls = dict[keyVariant];
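
Review bot: the return values of both strlcat() calls in this hunk are ignored, so an over-long `form` is now truncated silently instead of overflowing. `suffix` is 16 bytes and already holds "##{", so any `form` longer than 11 bytes leaves no room for the closing "}". `keyVariant` then becomes a malformed key and the `dict[keyVariant]` lookup simply misses, with nothing to indicate why. Suggest checking the result, for example `if (strlcat(suffix, form, sizeof(suffix)) >= sizeof(suffix))`, and handling truncation explicitly (fall back to the unpluralized key or log it). Alternatively, drop the fixed-size char array and build the suffix with an NSString format. It would also help to add a comment stating the maximum length `pluralformf` is expected to return, so that the size of 16 is justified.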
redwud commented 7 years ago

@emilienh I will gladly appreciate it if you can consider these simple changes and make this library a little more secure.