neels has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/14973 )
Change subject: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun ...................................................................... Patch Set 3: (1 comment) https://gerrit.osmocom.org/#/c/14973/3/src/vty/vty.c File src/vty/vty.c: https://gerrit.osmocom.org/#/c/14973/3/src/vty/vty.c@1420 PS3, Line 1420: vty->buf[vty->length] = '\0'; While this might be correct, I wonder if there is a better place for this. Usually I would expect stuff written to vty->buf and some range checks and assignment to vty->length right before this. Reading this here seems out of context: I don't see any vty->buf or vty->length used in this function. Where is the vty->buf filled with vty->length nr of characters? If there is no single place like that, maybe it would make sense to put this nul termination into vty_execute()? -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14973 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78 Gerrit-Change-Number: 14973 Gerrit-PatchSet: 3 Gerrit-Owner: Vadim Yanitskiy <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Vadim Yanitskiy <[email protected]> Gerrit-Reviewer: laforge <[email protected]> Gerrit-Reviewer: pespin <[email protected]> Gerrit-CC: neels <[email protected]> Gerrit-Comment-Date: Tue, 30 Jul 2019 16:47:46 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment
