Commit d075847c1ed4c7ce21dd22d97b3274f3a58d99ce
Fix possible buffer overrun in ipc:ipc_send()
CID 1357716 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
fixed_size_dest: You might overrun the 8192-character fixed-size string
&pkg[len] by copying *data without checking the length.
parameter_as_source: Note: This defect has an elevated risk
because the source argument is a parameter of the current function.
Author: xaizek
Author date (UTC): 2016-07-15 17:47
Committer name: xaizek
Committer date (UTC): 2016-07-15 17:47
Parent(s): e5a0be7630bf9fe17efa8340b04665e8e2e792a0
Signing key: 99DC5E4DB05F6BE2
Tree: 6dff84d6757ec821c9f628e8d5c7b98ee679325b
File src/ipc.c changed (mode: 100644) (index 1ca0e2772..f07fe9ab1) |
... |
... |
ipc_send(const char whom[], char *data[]) |
435 |
435 |
|
|
436 |
436 |
while(*data != NULL) |
while(*data != NULL) |
437 |
437 |
{ |
{ |
438 |
|
strcpy(pkg + len, *data); |
|
439 |
|
len += strlen(*data) + 1; |
|
440 |
|
data++; |
|
|
438 |
|
len += copy_str(pkg + len, sizeof(pkg) - len, *data); |
|
439 |
|
++data; |
441 |
440 |
} |
} |
442 |
441 |
pkg[len++] = '\0'; |
pkg[len++] = '\0'; |
443 |
442 |
|
|
File src/utils/str.c changed (mode: 100644) (index 2cc8f808c..e766e76a6) |
... |
... |
has_uppercase_letters(const char str[]) |
825 |
825 |
size_t |
size_t |
826 |
826 |
copy_str(char dst[], size_t dst_len, const char src[]) |
copy_str(char dst[], size_t dst_len, const char src[]) |
827 |
827 |
{ |
{ |
828 |
|
/* XXX: shouldn't we return "strlen(src)" instead "0U"? */ |
|
|
828 |
|
/* XXX: shouldn't we return "strlen(src)" instead of "0U"? */ |
829 |
829 |
return (dst == src) ? 0U : copy_substr(dst, dst_len, src, '\0'); |
return (dst == src) ? 0U : copy_substr(dst, dst_len, src, '\0'); |
830 |
830 |
} |
} |
831 |
831 |
|
|