[pve-devel] [PATCH] fix read after string end
Dominik Csapak
d.csapak at proxmox.com
Tue Jun 18 14:24:07 CEST 2019
outs is not a zero-terminated string but has its length given by
outslen, so use that (with a maximum of the size of msg)
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
RADOS.xs | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/RADOS.xs b/RADOS.xs
index f3f5516..7eca024 100644
--- a/RADOS.xs
+++ b/RADOS.xs
@@ -131,8 +131,14 @@ CODE:
if (ret < 0) {
char msg[4096];
- snprintf(msg, sizeof(msg), "mon_command failed - %s\n", outs);
+ if (outslen > sizeof(msg)) {
+ outslen = sizeof(msg);
+ }
+ snprintf(msg, sizeof(msg), "mon_command failed - %.*s\n", (int)outslen, outs);
rados_buffer_free(outs);
+ if (outbuf != NULL) {
+ rados_buffer_free(outbuf);
+ }
die(msg);
}
--
2.11.0
More information about the pve-devel
mailing list