Changeset 5830:a34322211d3d in roaraudio for libroar/config.c


Timestamp:
01/06/13 15:28:15 (7 years ago)
Author:
phi
Branch:
default
Message:

fix possible buffer overflow (which can lead to a stack overwrite) caused by ignoring the buffer length in the write loop.

File:
1 edited

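--- a/libroar/config.c
+++ b/libroar/config.c
@@ -561,6 +561,8 @@
  char * ret, * p;
 
+ ROAR_DBG("roar_libroar_get_path(name='%s', null_as_universal=%i, product='%s', provider='%s') = ?", name, null_as_universal, product, provider);
+
  if ( name == NULL ) {
-  roar_err_set(ROAR_ERROR_NOENT);
+  roar_err_set(ROAR_ERROR_FAULT);
   return NULL;
  }
@@ -612,4 +614,6 @@
  ssize_t idx = 0;
 
+ ROAR_DBG("roar_libroar_list_path(list=%p, len=%lu, offset=%lu) = ?", list, (long unsigned int)len, (long unsigned int)offset);
+
  if ( list == NULL ) {
   roar_err_set(ROAR_ERROR_FAULT);
@@ -623,5 +627,5 @@
   return 0;
 
- for (i = offset; i < (sizeof(__paths)/sizeof(*__paths)); i++) {
+ for (i = offset; idx < len && i < (sizeof(__paths)/sizeof(*__paths)); i++) {
   list[idx++] = __paths[i].name;
  }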
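Review bot: The new ROAR_DBG call at the top of roar_libroar_get_path formats `name`, `product` and `provider` with `%s` before the `if ( name == NULL )` check that follows it, so a NULL pointer reaches a `%s` conversion whenever the debug macro is compiled in, which is undefined behaviour. The `null_as_universal` parameter suggests NULL is an accepted value for `product` and `provider`, so this is probably not limited to the error path. Move the trace below the NULL check and guard the optional strings, for example `product == NULL ? "(null)" : product`. The function body starts and ends outside the visible lines, and how ROAR_DBG expands is not shown here.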