diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2013-08-11 15:24:47 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-08-13 09:50:51 +0200 |
commit | 6b06431e9bcbef2eb1126dda01a68d4a81f0825e (patch) | |
tree | ab2ab59fc87488820469380049aa9334d96fe417 /core | |
parent | 6b256ffdb4b179a253a8cc55973314a6990985a0 (diff) |
core: Fix a possible buffer overflow using getself_name().
If the passed buffer is smaller than MAX_NAME_LENGTH then, you
will probably overflow it.
Diffstat (limited to 'core')
-rw-r--r-- | core/Messenger.c | 12 | ||||
-rw-r--r-- | core/Messenger.h | 16 |
2 files changed, 22 insertions, 6 deletions
diff --git a/core/Messenger.c b/core/Messenger.c index ebde5a78..1c81163c 100644 --- a/core/Messenger.c +++ b/core/Messenger.c | |||
@@ -267,10 +267,18 @@ int setname(Messenger *m, uint8_t * name, uint16_t length) | |||
267 | put it in name | 267 | put it in name |
268 | name needs to be a valid memory location with a size of at least MAX_NAME_LENGTH bytes. | 268 | name needs to be a valid memory location with a size of at least MAX_NAME_LENGTH bytes. |
269 | return the length of the name */ | 269 | return the length of the name */ |
270 | uint16_t getself_name(Messenger *m, uint8_t *name) | 270 | uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen) |
271 | { | 271 | { |
272 | uint16_t len; | ||
273 | |||
274 | if (name == NULL || nlen == 0) { | ||
275 | return 0; | ||
276 | } | ||
277 | |||
278 | len = MIN(nlen, m->name_length); | ||
272 | memcpy(name, m->name, m->name_length); | 279 | memcpy(name, m->name, m->name_length); |
273 | return m->name_length; | 280 | |
281 | return len; | ||
274 | } | 282 | } |
275 | 283 | ||
276 | /* get name of friendnumber | 284 | /* get name of friendnumber |
diff --git a/core/Messenger.h b/core/Messenger.h index fa69d104..aa9611a4 100644 --- a/core/Messenger.h +++ b/core/Messenger.h | |||
@@ -196,10 +196,18 @@ int m_sendaction(Messenger *m, int friendnumber, uint8_t *action, uint32_t lengt | |||
196 | return -1 if failure */ | 196 | return -1 if failure */ |
197 | int setname(Messenger *m, uint8_t *name, uint16_t length); | 197 | int setname(Messenger *m, uint8_t *name, uint16_t length); |
198 | 198 | ||
199 | /* get our nickname | 199 | /** |
200 | put it in name | 200 | * @brief Get your nickname. |
201 | return the length of the name*/ | 201 | * |
202 | uint16_t getself_name(Messenger *m, uint8_t *name); | 202 | * @param[in] m The messanger context to use. |
203 | * | ||
204 | * @param[inout] name Pointer to a string for the name. | ||
205 | * | ||
206 | * @param[in] nlen The length of the string buffer. | ||
207 | * | ||
208 | * @return Return the length of the name, 0 on error. | ||
209 | */ | ||
210 | uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen); | ||
203 | 211 | ||
204 | /* get name of friendnumber | 212 | /* get name of friendnumber |
205 | put it in name | 213 | put it in name |