Repository: guacamole-server Updated Branches: refs/heads/master 5b58c7e15 -> 599ca960a
GUACAMOLE-500: Explicitly guarantee typescript filename cannot exceed buffer size. Project: http://git-wip-us.apache.org/repos/asf/guacamole-server/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-server/commit/cd0e4823 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-server/tree/cd0e4823 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-server/diff/cd0e4823 Branch: refs/heads/master Commit: cd0e48234a079813664052b56c501e854753303a Parents: 5b58c7e Author: Michael Jumper <[email protected]> Authored: Tue Feb 6 22:12:08 2018 -0800 Committer: Michael Jumper <[email protected]> Committed: Tue Feb 6 22:13:55 2018 -0800 ---------------------------------------------------------------------- src/terminal/typescript.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/cd0e4823/src/terminal/typescript.c ---------------------------------------------------------------------- diff --git a/src/terminal/typescript.c b/src/terminal/typescript.c index 69c8a1d..2333845 100644 --- a/src/terminal/typescript.c +++ b/src/terminal/typescript.c @@ -130,8 +130,13 @@ guac_terminal_typescript* guac_terminal_typescript_alloc(const char* path, } /* Append suffix to basename */ - sprintf(typescript->timing_filename, "%s.%s", typescript->data_filename, - GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX); + if (snprintf(typescript->timing_filename, sizeof(typescript->timing_filename), + "%s.%s", typescript->data_filename, GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX) + >= sizeof(typescript->timing_filename)) { + close(typescript->data_fd); + free(typescript); + return NULL; + } /* Attempt to open typescript timing file */ typescript->timing_fd = open(typescript->timing_filename,
