Fix possible bufferoverflow in capi
Debian sid capi20-msg2str-safety.patch Signed-off-by: Karsten Keil <kkeil@linux-pingi.de>
This commit is contained in:
parent
a78009a537
commit
166796d269
|
@ -322,6 +322,10 @@ char *capi_info2str(_cword reason);
|
||||||
#define capi20_cmd2str capi_cmd2str
|
#define capi20_cmd2str capi_cmd2str
|
||||||
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* WARNING: The following two functions use a single static buffer and
|
||||||
|
* are not thread-safe.
|
||||||
|
*/
|
||||||
#define capi20_cmsg2str capi_cmsg2str
|
#define capi20_cmsg2str capi_cmsg2str
|
||||||
char *capi_cmsg2str(_cmsg * cmsg);
|
char *capi_cmsg2str(_cmsg * cmsg);
|
||||||
|
|
||||||
|
|
|
@ -897,10 +897,14 @@ static char *p = 0;
|
||||||
static void bufprint(char *fmt,...)
|
static void bufprint(char *fmt,...)
|
||||||
{
|
{
|
||||||
va_list f;
|
va_list f;
|
||||||
|
size_t space = buf + sizeof(buf) - p, len;
|
||||||
va_start(f, fmt);
|
va_start(f, fmt);
|
||||||
vsprintf(p, fmt, f);
|
len = vsnprintf(p, space, fmt, f);
|
||||||
va_end(f);
|
va_end(f);
|
||||||
p += strlen(p);
|
if (len < space - 1)
|
||||||
|
p += len;
|
||||||
|
else
|
||||||
|
p += space - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void printstructlen(_cbyte * m, unsigned len)
|
static void printstructlen(_cbyte * m, unsigned len)
|
||||||
|
|
|
@ -370,6 +370,10 @@ char *capi_info2str(_cword reason);
|
||||||
#define capi20_cmd2str capi_cmd2str
|
#define capi20_cmd2str capi_cmd2str
|
||||||
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* WARNING: The following two functions use a single static buffer and
|
||||||
|
* are not thread-safe.
|
||||||
|
*/
|
||||||
#define capi20_cmsg2str capi_cmsg2str
|
#define capi20_cmsg2str capi_cmsg2str
|
||||||
char *capi_cmsg2str(_cmsg * cmsg);
|
char *capi_cmsg2str(_cmsg * cmsg);
|
||||||
|
|
||||||
|
|
|
@ -842,10 +842,14 @@ static char *p = 0;
|
||||||
static void bufprint(char *fmt,...)
|
static void bufprint(char *fmt,...)
|
||||||
{
|
{
|
||||||
va_list f;
|
va_list f;
|
||||||
|
size_t space = buf + sizeof(buf) - p, len;
|
||||||
va_start(f, fmt);
|
va_start(f, fmt);
|
||||||
vsprintf(p, fmt, f);
|
len = vsnprintf(p, space, fmt, f);
|
||||||
va_end(f);
|
va_end(f);
|
||||||
p += strlen(p);
|
if (len < space - 1)
|
||||||
|
p += len;
|
||||||
|
else
|
||||||
|
p += space - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void printstructlen(_cbyte * m, unsigned len)
|
static void printstructlen(_cbyte * m, unsigned len)
|
||||||
|
|
Loading…
Reference in New Issue