projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
[tinc]
/
src
/
net.c
diff --git
a/src/net.c
b/src/net.c
index
7ee41b8
..
ebcaeb3
100644
(file)
--- a/
src/net.c
+++ b/
src/net.c
@@
-956,19
+956,19
@@
cp
for(;;)
{
for(;;)
{
-
p=
0;
+
cl->reqlen =
0;
for(i = oldlen; i < cl->buflen; i++)
{
if(cl->buffer[i] == '\n')
{
for(i = oldlen; i < cl->buflen; i++)
{
if(cl->buffer[i] == '\n')
{
- cl->buffer[i] = 0; /*
turn end-of-line into end-of-string
*/
-
p
= i + 1;
+ cl->buffer[i] = 0; /*
replace end-of-line by end-of-string so we can use sscanf
*/
+
cl->reqlen
= i + 1;
break;
}
}
break;
}
}
- if(
p
)
+ if(
cl->reqlen
)
{
if(sscanf(cl->buffer, "%d", &request) == 1)
{
{
if(sscanf(cl->buffer, "%d", &request) == 1)
{
@@
-988,8
+988,8
@@
cp
syslog(LOG_ERR, "Bogus data received: %s", cl->buffer);
}
syslog(LOG_ERR, "Bogus data received: %s", cl->buffer);
}
- cl->buflen -=
p
;
- memmove(cl->buffer, cl->buffer +
p
, cl->buflen);
+ cl->buflen -=
cl->reqlen
;
+ memmove(cl->buffer, cl->buffer +
cl->reqlen
, cl->buflen);
oldlen = 0;
}
else
oldlen = 0;
}
else