Skip to content
Permalink
Browse files Browse the repository at this point in the history
Stratum: extract_sockaddr: Truncate overlong addresses rather than st…
…ack overflow

Thanks to Mick Ayzenberg <mick@dejavusecurity.com> for finding this!
  • Loading branch information
luke-jr authored and veox committed Jun 5, 2014
1 parent bac5831 commit b65574b
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions util.c
Expand Up @@ -1219,6 +1219,13 @@ bool extract_sockaddr(char *url, char **sockaddr_url, char **sockaddr_port)

if (url_len < 1)
return false;

if (url_len >= sizeof(url_address))
{
applog(LOG_WARNING, "%s: Truncating overflowed address '%.*s'",
__func__, url_len, url_begin);
url_len = sizeof(url_address) - 1;
}

sprintf(url_address, "%.*s", url_len, url_begin);

Expand Down

0 comments on commit b65574b

Please sign in to comment.