Fix possible bufferoverflow in capi
Debian sid capi20-msg2str-safety.patch Signed-off-by: Karsten Keil <kkeil@linux-pingi.de>
This commit is contained in:
parent
a78009a537
commit
166796d269
|
@ -322,6 +322,10 @@ char *capi_info2str(_cword reason);
|
|||
#define capi20_cmd2str capi_cmd2str
|
||||
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
||||
|
||||
/*
|
||||
* WARNING: The following two functions use a single static buffer and
|
||||
* are not thread-safe.
|
||||
*/
|
||||
#define capi20_cmsg2str capi_cmsg2str
|
||||
char *capi_cmsg2str(_cmsg * cmsg);
|
||||
|
||||
|
|
|
@ -897,10 +897,14 @@ static char *p = 0;
|
|||
static void bufprint(char *fmt,...)
|
||||
{
|
||||
va_list f;
|
||||
size_t space = buf + sizeof(buf) - p, len;
|
||||
va_start(f, fmt);
|
||||
vsprintf(p, fmt, f);
|
||||
len = vsnprintf(p, space, fmt, f);
|
||||
va_end(f);
|
||||
p += strlen(p);
|
||||
if (len < space - 1)
|
||||
p += len;
|
||||
else
|
||||
p += space - 1;
|
||||
}
|
||||
|
||||
static void printstructlen(_cbyte * m, unsigned len)
|
||||
|
|
|
@ -370,6 +370,10 @@ char *capi_info2str(_cword reason);
|
|||
#define capi20_cmd2str capi_cmd2str
|
||||
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
||||
|
||||
/*
|
||||
* WARNING: The following two functions use a single static buffer and
|
||||
* are not thread-safe.
|
||||
*/
|
||||
#define capi20_cmsg2str capi_cmsg2str
|
||||
char *capi_cmsg2str(_cmsg * cmsg);
|
||||
|
||||
|
|
|
@ -842,10 +842,14 @@ static char *p = 0;
|
|||
static void bufprint(char *fmt,...)
|
||||
{
|
||||
va_list f;
|
||||
size_t space = buf + sizeof(buf) - p, len;
|
||||
va_start(f, fmt);
|
||||
vsprintf(p, fmt, f);
|
||||
len = vsnprintf(p, space, fmt, f);
|
||||
va_end(f);
|
||||
p += strlen(p);
|
||||
if (len < space - 1)
|
||||
p += len;
|
||||
else
|
||||
p += space - 1;
|
||||
}
|
||||
|
||||
static void printstructlen(_cbyte * m, unsigned len)
|
||||
|
|
Loading…
Reference in New Issue