Auto merge of #391 - redis:catch-error-buf-overflow, r=badboy
Prevent buffer overflow when formatting the error strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte). Also strncat appends after the first found nul byte. But all we pass is a buffer we might not have zeroed out already. Closes #380
This commit is contained in:
commit
36bddcf6ed
@ -98,8 +98,8 @@
|
||||
* then GNU strerror_r returned an internal static buffer and we \
|
||||
* need to copy the result into our private buffer. */ \
|
||||
if (err_str != (buf)) { \
|
||||
buf[(len)] = '\0'; \
|
||||
strncat((buf), err_str, ((len) - 1)); \
|
||||
strncpy((buf), err_str, ((len) - 1)); \
|
||||
buf[(len)-1] = '\0'; \
|
||||
} \
|
||||
} while (0)
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user