[PATCH] whois: It is safe to tell fgets() the entire size of the buffer

2019-12-03 Thread Xabier Oneca -- xOneca
fgets() reads in at most one less than size characters from stream, so no need to account for the extra byte needed for the final \0. In fact, it was never set to \0 if fgets() did not do it.

Signed-off-by: Xabier Oneca
---
 networking/whois.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Re: Possible DoS in whois (1.31), caused by memory exhaustion

2019-12-03 Thread Denys Vlasenko
I limited the size to 32k now.

On Mon, Dec 2, 2019 at 10:37 PM Erez Turjeman wrote:
>
> On Mon, Dec 2, 2019 at 4:19 PM Tito wrote:
>>
>> On 12/2/19 9:50 PM, Erez Turjeman wrote:
>> > I don't think that the RFC itself defines any constraints on response
>> > length or maximum count of it

[PATCH v2] whois: It is safe to tell fgets() the entire size of the buffer

2019-12-03 Thread Xabier Oneca -- xOneca
fgets() reads in at most one less than size characters from stream, so no need to account for the extra byte needed for the final '\0'. In fact, it was never set to '\0' if fgets() did not do it.

Signed-off-by: Xabier Oneca
---
 networking/whois.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletio