From 63670107c380893fc62be356d9700c23b7776c96 Mon Sep 17 00:00:00 2001 From: erickson Date: Mon, 17 Nov 2008 02:56:40 +0000 Subject: [PATCH] Patch from Scott McKellar: This patch fixes a bug in the OSRF_BUFFER_ADD_CHAR macro. Like the corresponding buffer_add_char function, this macro appends a specified character to a growing_buffer. Unlike the function, however, the existing version of the macro does not also append a terminal nul. This bug had gone unnoticed because, most of the time, the rest of the buffer is already filled with nuls, left over from the initial creation of the growing_buffer. I stumbled across the problem when, in the course of writing a test harness for some other changes, I called buffer_reset() in order to reuse an existing growing_buffer instead of destroying and re-creating it. With debugging turned on, buffer_reset() fills the buffer with exclamation points, leaving a nul only in the very last byte. Later, if we use buffer_add() or buffer_fadd() to extend the string stored in the growing_buffer, it uses strcat() to append the new characters. The result is a buffer overflow. Actually buffer_reset() should place a nul in the first byte of the buffer. Tomorrow I shall submit a patch to that effect. git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@1494 9efc2488-bf62-4759-914b-345cdb29e865 --- include/opensrf/utils.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/opensrf/utils.h b/include/opensrf/utils.h index f6cb272..f8fc04c 100644 --- a/include/opensrf/utils.h +++ b/include/opensrf/utils.h @@ -69,8 +69,10 @@ GNU General Public License for more details. #define OSRF_BUFFER_ADD_CHAR(gb, c)\ do {\ if(gb) {\ - if(gb->n_used < gb->size - 1)\ + if(gb->n_used < gb->size - 1) {\ gb->buf[gb->n_used++] = c;\ + gb->buf[gb->n_used] = '\0';\ + }\ else\ buffer_add_char(gb, c);\ }\ @@ -207,7 +209,7 @@ long va_list_size(const char* format, va_list); char* va_list_to_string(const char* format, ...); -/* string escape utility method. escapes unicode embeded characters. +/* string escape utility method. escapes unicode embedded characters. escapes the usual \n, \t, etc. for example, if you provide a string like so: -- 2.43.2