Opened 10 years ago

Closed 8 years ago

#11770 closed bug (fixed)

CID 608995: Copy into fixed size buffer

Reported by: sli908 Owned by: nobody
Priority: normal Milestone: R1
Component: - General Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

Added check to prevent copying a string that would overflow the buffer

Attachments (1)

0001-CID-608995-Copy-into-fixed-size-buffer-added-check.patch (765 bytes ) - added by sli908 10 years ago.
patch that adds size check

Download all attachments as: .zip

Change History (4)

by sli908, 10 years ago

Attachment: 0001-CID-608995-Copy-into-fixed-size-buffer-added-check.patch added

patch that adds size check

comment:1 by sli908, 10 years ago

patch: 01

comment:2 by pulkomandy, 10 years ago

I don't think this is the correct way to handle this. A valid entry_ref is not allowed to use more than B_FILE_NAME_LENGTH characters so this shouldn't happen. If it does anyway, an error should be raised. Your code will just omit the name from the xfer_entry_ref, making it invalid, but will let the application continue and use it anyway. Since this is an unexpected condition (a file name longer than B_FILE_NAME_LENGTH is not allowed), the code should probably call debugger() if this happens.

comment:3 by pulkomandy, 8 years ago

Resolution: fixed
Status: newclosed

Fixed in hrev50504.

Note: See TracTickets for help on using tickets.