Vadim Yanitskiy has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/14973 )

Change subject: vty/vty.c: fix vty_execute(): prevent further heap-buffer overrun
......................................................................


Patch Set 1:

(1 comment)

https://gerrit.osmocom.org/#/c/14973/1/src/vty/vty.c
File src/vty/vty.c:

https://gerrit.osmocom.org/#/c/14973/1/src/vty/vty.c@690
PS1, Line 690:  vty->buf[vty->length] = '\0';
> Rather move this to vty_read(), immediately before read() call. […]
No way, because vty_read() read()s into a temporary buffer of fixed size on 
stack, and then parses each received symbol in a loop. Regular ASCII symbols 
are getting copied to another buffer on heap, which can also be reallocated if 
needed:

  if (buf[i] > 31 && buf[i] < 127)
    vty_self_insert(vty, buf[i]);

Therefore neither adding '\0' before read() nor after would help.

I still can move this code to vty_read() just before calling vty_execute().



--
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14973
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78
Gerrit-Change-Number: 14973
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Vadim Yanitskiy <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-Comment-Date: Tue, 30 Jul 2019 03:03:52 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: pespin <[email protected]>
Gerrit-MessageType: comment
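
The buffer handling described in the comment above, modelled as an added example; it is not libosmocore code and not part of the original message. The `lb_*` names, the initial size of 8 and the doubling growth are assumptions chosen to show why the terminator has to be written after the parse loop, with room reserved for it.

```c
#include <stdlib.h>
#include <string.h>

struct line_buf {        /* hypothetical model, not libosmocore's struct */
    char *buf;           /* heap buffer, may be reallocated */
    size_t length, max;  /* bytes in use, bytes allocated */
};

/* Make room for one more byte, doubling the heap buffer when it is full. */
static int lb_room(struct line_buf *lb)
{
    if (lb->length < lb->max)
        return 0;
    size_t new_max = lb->max ? lb->max * 2 : 8;
    char *p = realloc(lb->buf, new_max);
    if (!p)
        return -1;
    lb->buf = p;
    lb->max = new_max;
    return 0;
}

/* Parse one chunk as delivered by read(): only printable ASCII is copied. */
static int lb_feed(struct line_buf *lb, const unsigned char *in, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (in[i] <= 31 || in[i] >= 127)
            continue;
        if (lb_room(lb) < 0)
            return -1;
        lb->buf[lb->length++] = (char)in[i];
    }
    return 0;
}

/* Terminate before executing; reserve first, since length == max can hold. */
static int lb_terminate(struct line_buf *lb)
{
    if (lb_room(lb) < 0)
        return -1;
    lb->buf[lb->length] = '\0';
    return 0;
}

int main(void)
{
    struct line_buf lb = { NULL, 0, 0 };
    const unsigned char in[] = "show\x01 ver\r";  /* constructed input */
    return lb_feed(&lb, in, sizeof(in) - 1) || lb_terminate(&lb) ||
           strcmp(lb.buf, "show ver") != 0;
}
```

The constructed input leaves exactly 8 printable bytes in an 8-byte allocation, so writing the terminator without the reserve step would land one byte past the heap buffer.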
