Fix possible bufferoverflow in capi

Debian sid capi20-msg2str-safety.patch

Signed-off-by: Karsten Keil <kkeil@linux-pingi.de>
This commit is contained in:
Karsten Keil 2012-02-25 16:05:43 +01:00
parent a78009a537
commit 166796d269
4 changed files with 20 additions and 4 deletions

View File

@ -322,6 +322,10 @@ char *capi_info2str(_cword reason);
#define capi20_cmd2str capi_cmd2str
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
/*
* WARNING: The following two functions use a single static buffer and
* are not thread-safe.
*/
#define capi20_cmsg2str capi_cmsg2str
char *capi_cmsg2str(_cmsg * cmsg);

View File

@ -897,10 +897,14 @@ static char *p = 0;
static void bufprint(char *fmt,...)
{
va_list f;
size_t space = buf + sizeof(buf) - p, len;
va_start(f, fmt);
vsprintf(p, fmt, f);
len = vsnprintf(p, space, fmt, f);
va_end(f);
p += strlen(p);
if (len < space - 1)
p += len;
else
p += space - 1;
}
static void printstructlen(_cbyte * m, unsigned len)

View File

@ -370,6 +370,10 @@ char *capi_info2str(_cword reason);
#define capi20_cmd2str capi_cmd2str
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
/*
* WARNING: The following two functions use a single static buffer and
* are not thread-safe.
*/
#define capi20_cmsg2str capi_cmsg2str
char *capi_cmsg2str(_cmsg * cmsg);

View File

@ -842,10 +842,14 @@ static char *p = 0;
static void bufprint(char *fmt,...)
{
va_list f;
size_t space = buf + sizeof(buf) - p, len;
va_start(f, fmt);
vsprintf(p, fmt, f);
len = vsnprintf(p, space, fmt, f);
va_end(f);
p += strlen(p);
if (len < space - 1)
p += len;
else
p += space - 1;
}
static void printstructlen(_cbyte * m, unsigned len)