[Nbd] [PATCH] Buffer overflow and unterminated string in nbd-client.c
- To: nbd-general@lists.sourceforge.net
- Subject: [Nbd] [PATCH] Buffer overflow and unterminated string in nbd-client.c
- From: goswin-v-b@...186...
- Date: Sun, 5 May 2013 12:44:29 +0200
- Message-id: <1367750669-24237-2-git-send-email-goswin-v-b@...186...>
- In-reply-to: <1367750669-24237-1-git-send-email-goswin-v-b@...186...>
- References: <51860491.6000507@...112...> <1367750669-24237-1-git-send-email-goswin-v-b@...186...>
From: Goswin von Brederlow <goswin-v-b@...186...>
---
nbd-client.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/nbd-client.c b/nbd-client.c
index 818198e..dadf95d 100644
--- a/nbd-client.c
+++ b/nbd-client.c
@@ -136,7 +136,8 @@ void ask_list(int sock) {
uint32_t len;
uint32_t reptype;
uint64_t magic;
- char buf[1024];
+ const int BUF_SIZE = 1024;
+ char buf[BUF_SIZE];
magic = ntohll(opts_magic);
if (write(sock, &magic, sizeof(magic)) < 0)
@@ -200,10 +201,15 @@ void ask_list(int sock) {
exit(EXIT_FAILURE);
}
len=ntohl(len);
+ if (len >= BUF_SIZE) {
+ fprintf(stderr, "\nE: export name on server too long\n");
+ exit(EXIT_FAILURE);
+ }
if(read(sock, buf, len) < 0) {
fprintf(stderr, "\nE: could not read export name from server\n");
exit(EXIT_FAILURE);
}
+ buf[len] = 0;
printf("%s\n", buf);
}
}
--
1.7.10.4
Reply to: