zeekling/hiredis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Auto merge of #391 - redis:catch-error-buf-overflow, r=badboy

Browse Source 
Prevent buffer overflow when formatting the error

strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte).
Also strncat appends after the first found nul byte. But all we pass is
a buffer we might not have zeroed out already.

Closes #380
This commit is contained in:
not-a-robot 2016-04-20 15:31:23 +02:00
commit 36bddcf6ed
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hiredis.h
View File

@ -98,8 +98,8 @@
* then GNU strerror_r returned an internal static buffer and we \ * then GNU strerror_r returned an internal static buffer and we \
* need to copy the result into our private buffer. */ \ * need to copy the result into our private buffer. */ \
if (err_str != (buf)) { \ if (err_str != (buf)) { \
buf[(len)] = '\0'; \ strncpy((buf), err_str, ((len) - 1)); \
strncat((buf), err_str, ((len) - 1)); \ buf[(len)-1] = '\0'; \
} \ } \
} while (0) } while (0)
#endif #endif