Fix: Possible invalid read on string in set_ip_address()
authorDavid Goulet <dgoulet@efficios.com>
Tue, 14 Aug 2012 21:14:04 +0000 (17:14 -0400)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 14 Aug 2012 21:14:04 +0000 (17:14 -0400)
Acked-by: Christian Babeux <christian.babeux@efficios.com>
Signed-off-by: David Goulet <dgoulet@efficios.com>
src/common/uri.c

index 3581e307d33a0dfa5bdcb5932b0e5fb648b30114..e686f7c5d788b2676a49c9b4746c846a63fc5aba 100644 (file)
@@ -16,6 +16,7 @@
  */
 
 #define _GNU_SOURCE
  */
 
 #define _GNU_SOURCE
+#include <assert.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <stdlib.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <stdlib.h>
@@ -103,6 +104,11 @@ static int set_ip_address(const char *addr, int af, char *dst, size_t size)
        unsigned char buf[sizeof(struct in6_addr)];
        struct hostent *record;
 
        unsigned char buf[sizeof(struct in6_addr)];
        struct hostent *record;
 
+       assert(addr);
+       assert(dst);
+
+       memset(dst, 0, size);
+
        /* Network protocol */
        ret = inet_pton(af, addr, buf);
        if (ret < 1) {
        /* Network protocol */
        ret = inet_pton(af, addr, buf);
        if (ret < 1) {
@@ -117,7 +123,10 @@ static int set_ip_address(const char *addr, int af, char *dst, size_t size)
                /* Translate IP to string */
                (void) inet_ntop(af, record->h_addr_list[0], dst, size);
        } else {
                /* Translate IP to string */
                (void) inet_ntop(af, record->h_addr_list[0], dst, size);
        } else {
-               memcpy(dst, addr, size);
+               if (size > 0) {
+                       strncpy(dst, addr, size);
+                       dst[size - 1] = '\0';
+               }
        }
 
        DBG2("IP address resolved to %s", dst);
        }
 
        DBG2("IP address resolved to %s", dst);
This page took 0.034656 seconds and 4 git commands to generate.