Auto merge of #391 - redis:catch-error-buf-overflow, r=badboy

Prevent buffer overflow when formatting the error

strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte).
Also strncat appends after the first found nul byte. But all we pass is
a buffer we might not have zeroed out already.

Closes #380
This commit is contained in:
not-a-robot 2016-04-20 15:31:23 +02:00
commit 36bddcf6ed

View File

@ -98,8 +98,8 @@
* then GNU strerror_r returned an internal static buffer and we \
* need to copy the result into our private buffer. */ \
if (err_str != (buf)) { \
buf[(len)] = '\0'; \
strncat((buf), err_str, ((len) - 1)); \
strncpy((buf), err_str, ((len) - 1)); \
buf[(len)-1] = '\0'; \
} \
} while (0)
#endif