Prevent buffer overflow when formatting the error

strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte). Also strncat appends after the first found nul byte. But all we pass is a buffer we might not have zeroed out already. Closes #380
2015-11-18 14:36:52 +01:00 · 2015-11-18 14:36:52 +01:00 · 0335cb3e98
commit 0335cb3e98
parent 4b3786d57e
1 changed files with 2 additions and 2 deletions
--- a/hiredis.h
+++ b/hiredis.h
@ -98,8 +98,8 @@
         * then GNU strerror_r returned an internal static buffer and we       \
         * need to copy the result into our private buffer. */                 \
        if (err_str != (buf)) {                                                \
-            buf[(len)] = '\0';                                                 \
-            strncat((buf), err_str, ((len) - 1));                              \
+            strncpy((buf), err_str, ((len) - 1));                              \
+            buf[(len)-1] = '\0';                                               \
        }                                                                      \
    } while (0)
 #endif