Vadim Yanitskiy has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/14973 )
Change subject: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun ...................................................................... Patch Set 2: (1 comment) https://gerrit.osmocom.org/#/c/14973/2/src/vty/vty.c File src/vty/vty.c: https://gerrit.osmocom.org/#/c/14973/2/src/vty/vty.c@1420 PS2, Line 1420: vty->buf[vty->length] = '\0'; > Just wondering if this affects other functions called in other cases of this > switch statement... Other cases are mostly about handling the control commands, such as Ctrl + D, Ctrl + W, etc. They don't use the buffer pointed by vty->buf. Excluding the cases below: auto-completion and interactive help. They both call cmd_make_strvec(), which seems to be safe against non-terminated input. At least I don't see any warnings from ASAN. -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14973 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78 Gerrit-Change-Number: 14973 Gerrit-PatchSet: 2 Gerrit-Owner: Vadim Yanitskiy <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Vadim Yanitskiy <[email protected]> Gerrit-Reviewer: laforge <[email protected]> Gerrit-Reviewer: pespin <[email protected]> Gerrit-Comment-Date: Tue, 30 Jul 2019 12:01:39 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: pespin <[email protected]> Gerrit-MessageType: comment
