git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
imv-scanner: Fix potential buffer overflow
author Tobias Brunner <tobias@strongswan.org>
Tue, 18 Aug 2020 11:18:52 +0000 (13:18 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 18 Aug 2020 12:05:04 +0000 (14:05 +0200)
While `pos` was moved to the end, `len` was not adjusted (i.e. set to 0)
so later calls could write beyond the buffer.  However, the last port
written might have been incomplete, so instead we just reset the string.

src/libimcv/plugins/imv_scanner/imv_scanner_agent.c

index 8dce4986f621fbeb7bdf9bed1c8012a461d70cff..247a76c3f4be8d49cbb8a889d40cce1e760d7e0a 100644 (file)
@@ -429,7 +429,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                        written = snprintf(pos, len, " %u", port);
                                        if (written < 0 || written >= len)
                                        {
-                                               pos += len - 1;
                                                *pos = '\0';
                                        }
                                        else
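
Review bot: In the truncation branch (`written < 0 || written >= len`), once `*pos = '\0'` has dropped the incomplete port, neither `pos` nor `len` changes and nothing in the visible lines stops the later calls the commit message mentions. A following port with fewer digits can therefore still fit and be appended after a longer one was discarded, leaving a port list with a silent gap. Consider leaving the loop at that point, or setting a truncation flag and logging it, so the resulting string is a clean prefix of the ports and whoever reads it can tell it was cut short. A short comment in that branch saying that `*pos = '\0'` discards the partially written port would also help, since that intent is currently recorded only in the commit message.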