[jira] [Created] (GEODE-6495) Buffer size too small for nonblock error message

Jonas Jensen (JIRA) Thu, 07 Mar 2019 05:55:10 -0800

Jonas Jensen created GEODE-6495:
-----------------------------------

             Summary: Buffer size too small for nonblock error message
                 Key: GEODE-6495
                 URL: https://issues.apache.org/jira/browse/GEODE-6495
             Project: Geode
          Issue Type: Bug
            Reporter: Jonas Jensen



In {{cppcache/src/TcpConn.cpp}}, there's [a buffer of length 
250|https://github.com/apache/geode-native/blob/268bc6e4c1d070b40cd723437491b85589ba681e/cppcache/src/TcpConn.cpp#L243]
 that's [written to with an {{snprintf}} 
call|https://github.com/apache/geode-native/blob/268bc6e4c1d070b40cd723437491b85589ba681e/cppcache/src/TcpConn.cpp#L245]
 that's allowed to write up to 256 characters.

Either the buffer should be larger, or the argument to {{sprintf}} should be 
smaller.

I don't see any way that this could have security implications since it only 
writes static data taken from the locale of the process. Nevertheless, I think 
it's worth fixing for the sake of code hygiene.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (GEODE-6495) Buffer size too small for nonblock error message

Reply via email to