Skip to content
Permalink
Browse files

Fix security issue reported by someone.

someone will get their name attributed for future issues if they bother
following procedure.
  • Loading branch information
dormando committed Mar 23, 2020
1 parent aac7d69 commit 02c6a2b62ddcb6fa4569a591d3461a156a636305
Showing with 3 additions and 2 deletions.
  1. +3 −2 memcached.c
@@ -6175,8 +6175,9 @@ static int try_read_command_binary(conn *c) {
// want to refactor a ton of code either. Header is only ever used out
// of c->binary_header, but the extlen stuff is used for the latter
// bytes. Just wastes 24 bytes on the stack this way.
char extbuf[sizeof(c->binary_header) + BIN_MAX_EXTLEN];
memcpy(extbuf + sizeof(c->binary_header), c->rcurr + sizeof(c->binary_header), extlen);
char extbuf[sizeof(c->binary_header) + BIN_MAX_EXTLEN+1];
memcpy(extbuf + sizeof(c->binary_header), c->rcurr + sizeof(c->binary_header),
extlen > BIN_MAX_EXTLEN ? BIN_MAX_EXTLEN : extlen);
c->rbytes -= sizeof(c->binary_header) + extlen + keylen;
c->rcurr += sizeof(c->binary_header) + extlen + keylen;

0 comments on commit 02c6a2b

Please sign in to comment.
You can’t perform that action at this time.