From 0e4306dd5162a2850e623bf3082b3f7291aaad45 Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@systemlinux.org>
Date: Mon, 5 Apr 2010 00:08:34 +0200
Subject: [PATCH] gui: Simplify handle_command() and avoid a buffer overflow.

It's not save to use strcpy() here.
---
 gui.c | 42 ++++++++++++++++++++----------------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/gui.c b/gui.c
index 5b44819c..8272fee7 100644
--- a/gui.c
+++ b/gui.c
@@ -1348,31 +1348,29 @@ static void handle_command(int c)
 
 	/* first check user's key bindings */
 	for (i = 0; i < conf.key_map_given; ++i) {
-		char tmp[MAXLINE], *handler, *arg;
+		char *tmp, *handler, *arg;
 
-		strcpy(tmp, conf.key_map_arg[i]);
-		if (!split_key_map(tmp, &handler, &arg))
+		tmp = para_strdup(conf.key_map_arg[i]);
+		if (!split_key_map(tmp, &handler, &arg)) {
+			free(tmp);
 			return;
-		if (!strcmp(tmp, km_keyname(c))) {
-			if (*handler == 'd') {
-				display_cmd(arg);
-				return;
-			}
-			if (*handler == 'x') {
-				external_cmd(arg);
-				return;
-			}
-			if (*handler == 'p') {
-				client_cmd_cmdline(arg);
-				return;
-			}
-			if (*handler == 'i') {
-				int num = find_cmd_byname(arg);
-				if (num >= 0)
-					command_list[num].handler();
-				return;
-			}
 		}
+		if (strcmp(tmp, km_keyname(c))) {
+			free(tmp);
+			continue;
+		}
+		if (*handler == 'd')
+			display_cmd(arg);
+		else if (*handler == 'x')
+			external_cmd(arg);
+		else if (*handler == 'p')
+			client_cmd_cmdline(arg);
+		else if (*handler == 'i') {
+			int num = find_cmd_byname(arg);
+			if (num >= 0)
+				command_list[num].handler();
+		}
+		free(tmp);
 	}
 	/* not found, check internal key bindings */
 	for (i = 0; command_list[i].handler; i++) {
-- 
2.30.2