Skip to content

Commit

Permalink
aserver: fix buffer overwriting
Browse files Browse the repository at this point in the history 
name array should allocate space for the null terminator. Also, need to
check if client->name has enough space for strcpy.

Closes: #364
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
  • Loading branch information
@szsam @perexg
szsam authored and perexg committed Dec 11, 2023
1 parent cd04da2 commit 0e0a92b
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion aserver/aserver.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -738,7 +738,7 @@ static int snd_client_open(client_t *client)
ans.result = -EINVAL;
goto _answer;
}
name = alloca(req.namelen);
name = alloca(req.namelen + 1);
err = read(client->ctrl_fd, name, req.namelen);
if (err < 0) {
SYSERROR("read failed");
Expand Down Expand Up @@ -775,6 +775,10 @@ static int snd_client_open(client_t *client)
name[req.namelen] = '\0';

client->transport_type = req.transport_type;
if (sizeof(client->name) < (size_t)(req.namelen + 1)) {
ans.result = -ENOMEM;
goto _answer;
}
strcpy(client->name, name);
client->stream = req.stream;
client->mode = req.mode;
Expand Down

0 comments on commit 0e0a92b

Please sign in to comment.