----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14442/#review26605 -----------------------------------------------------------
/proton/trunk/proton-c/src/transport/transport.c <https://reviews.apache.org/r/14442/#comment51847> In the original code both condition->name and condition->description are vulnerable to buffer overruns. How about replacing strncat with a function that accepts the length of the destination buffer and applies the proposed fix to all instances? Windows builds complain of unsafe functions strcat, sprintf, strncpy, strncat, and getenv for precisely the reason exposed by this bug. - Chug Rolke On Oct. 2, 2013, 11:58 a.m., Gordon Sim wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/14442/ > ----------------------------------------------------------- > > (Updated Oct. 2, 2013, 11:58 a.m.) > > > Review request for qpid and Rafael Schloming. > > > Bugs: PROTON-432 > https://issues.apache.org/jira/browse/PROTON-432 > > > Repository: qpid > > > Description > ------- > > If error description is very long it overruns the buffer and causes segfault > on processing the corrupted condition information. > > > Diffs > ----- > > /proton/trunk/proton-c/src/transport/transport.c 1527976 > > Diff: https://reviews.apache.org/r/14442/diff/ > > > Testing > ------- > > Fixes my test case. > > python-test, c-object-tests and c-message-tests also pass > proton-jni, proton-java and ruby-unit-test fail for me even on a clean build > > > Thanks, > > Gordon Sim > >
