diff options
| author | Andreas Schneider <asn@cryptomilk.org> | 2013-08-11 15:24:47 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2013-08-13 09:50:51 +0200 |
| commit | 6b06431e9bcbef2eb1126dda01a68d4a81f0825e (patch) | |
| tree | ab2ab59fc87488820469380049aa9334d96fe417 /core/Messenger.c | |
| parent | 6b256ffdb4b179a253a8cc55973314a6990985a0 (diff) | |
core: Fix a possible buffer overflow using getself_name().
If the passed buffer is smaller than MAX_NAME_LENGTH then, you
will probably overflow it.
Diffstat (limited to 'core/Messenger.c')
| -rw-r--r-- | core/Messenger.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/core/Messenger.c b/core/Messenger.c index ebde5a78..1c81163c 100644 --- a/core/Messenger.c +++ b/core/Messenger.c | |||
| @@ -267,10 +267,18 @@ int setname(Messenger *m, uint8_t * name, uint16_t length) | |||
| 267 | put it in name | 267 | put it in name |
| 268 | name needs to be a valid memory location with a size of at least MAX_NAME_LENGTH bytes. | 268 | name needs to be a valid memory location with a size of at least MAX_NAME_LENGTH bytes. |
| 269 | return the length of the name */ | 269 | return the length of the name */ |
| 270 | uint16_t getself_name(Messenger *m, uint8_t *name) | 270 | uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen) |
| 271 | { | 271 | { |
| 272 | uint16_t len; | ||
| 273 | |||
| 274 | if (name == NULL || nlen == 0) { | ||
| 275 | return 0; | ||
| 276 | } | ||
| 277 | |||
| 278 | len = MIN(nlen, m->name_length); | ||
| 272 | memcpy(name, m->name, m->name_length); | 279 | memcpy(name, m->name, m->name_length); |
| 273 | return m->name_length; | 280 | |
| 281 | return len; | ||
| 274 | } | 282 | } |
| 275 | 283 | ||
| 276 | /* get name of friendnumber | 284 | /* get name of friendnumber |