Potential buffer overflow #23
Comments
+1
All of the An argument could be made for a more appropriate variable name than
@kteza1 your code is generally right, but for microcoap, it already subtracts 1 at the beginning. @pcsrule agree that the null terminator space is reserved already. But the "len" parameter of strncat (i.e. the 3rd argument) is the length of the source (2nd argument), not the destination (1st argument). So when strncat concatenates strings, it doesn't know how much space is left in the destination, and thus could cause an overflow.
The
@pcsrule the 3rd argument of strncat is the length of the source, not the destination. strncat has no idea about the dest length. I think you get confused with snprintf. You can do "man strncat" on your machine to look at the definition and its implementation.
@pcsrule @megakilo Sorry I commented without seeing the full code properly. @pcsrule is correct.
strncat has idea about neither This issue can be closed IMO
In the endpoints.c file, there are a lot of strncat calls.
For example: strncat(rsp, ">;", len);
The third parameter should be the max length to be appended from the string at the second parameter. So it should not be "len".
Also to avoid buffer overflow, I think it should be:
strncat(rsp, ">;", len-strlen(rsp)); //len is already the buffer size without \0
Is my understanding right?
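An added example, not part of the original issue and not microcoap code: a bounded append built on the documented strncat behaviour (it copies at most n bytes from the source and then writes a terminating null byte, so the destination needs n + 1 free bytes). The names `bounded_append` and `build_links` and the sample paths are hypothetical, and `cap` here is the full buffer size including the terminator.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append src to the NUL-terminated string in dst.
 * cap is the total size of dst in bytes, terminator included.
 * Returns how many bytes of src did not fit (0 = fully appended). */
size_t bounded_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    size_t want = strlen(src);
    if (end == NULL)                 /* dst is not terminated within cap */
        return want;                 /* refuse to write at all */
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1;    /* free bytes, keeping one for '\0' */
    /* The bound is the space left in dst, not the size of dst:
     * strncat writes at most room bytes plus the terminator. */
    strncat(dst, src, room);
    return want > room ? want - room : 0;
}

/* Build "<path>;<path>;..." in the style of the call quoted in the issue.
 * Returns 0 if everything fit, -1 if any piece was truncated. */
int build_links(char *rsp, size_t cap, const char *const *paths, size_t count)
{
    if (cap == 0)
        return -1;
    rsp[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        if (bounded_append(rsp, cap, "<") ||
            bounded_append(rsp, cap, paths[i]) ||
            bounded_append(rsp, cap, ">;"))
            return -1;               /* report truncation to the caller */
    }
    return 0;
}

int main(void)
{
    const char *paths[] = { "/light", "/temp" };  /* constructed sample input */
    char rsp[16];                                  /* too small on purpose */
    int rc = build_links(rsp, sizeof rsp, paths, 2);
    printf("rc=%d rsp=\"%s\" len=%zu\n", rc, rsp, strlen(rsp));
    return 0;
}
```
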