Skip to content
Permalink
Browse files Browse the repository at this point in the history
Stratum: extract_sockaddr: Truncate overlong addresses rather than st…
…ack overflow

Thanks to Mick Ayzenberg <mick@dejavusecurity.com> for finding this!
  • Loading branch information
luke-jr committed Jun 5, 2014
1 parent d282bd2 commit c80ad85
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions util.c
Expand Up @@ -1002,6 +1002,13 @@ bool extract_sockaddr(struct pool *pool, char *url)

if (url_len < 1)
return false;

if (url_len >= sizeof(url_address))
{
applog(LOG_WARNING, "%s: Truncating overflowed address '%.*s'",
__func__, url_len, url_begin);
url_len = sizeof(url_address) - 1;
}

sprintf(url_address, "%.*s", url_len, url_begin);

Expand Down

0 comments on commit c80ad85

Please sign in to comment.