[pve-devel] applied: [PATCH] fix read after string end

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Jun 18 16:06:33 CEST 2019


On 6/18/19 2:24 PM, Dominik Csapak wrote:
> outs is not a zero-terminated string but has its length given by
> outslen, so use that (with a maximum of the size of msg)
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  RADOS.xs | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/RADOS.xs b/RADOS.xs
> index f3f5516..7eca024 100644
> --- a/RADOS.xs
> +++ b/RADOS.xs
> @@ -131,8 +131,14 @@ CODE:
>  
>      if (ret < 0) {
>          char msg[4096];
> -        snprintf(msg, sizeof(msg), "mon_command failed - %s\n", outs);
> +        if (outslen > sizeof(msg)) {
> +            outslen = sizeof(msg);
> +        }

While the above could really be omitted without negative implications, it
does not hurt either, so -> applied, thanks!

> +        snprintf(msg, sizeof(msg), "mon_command failed - %.*s\n", (int)outslen, outs);
>          rados_buffer_free(outs);
> +        if (outbuf != NULL) {
> +            rados_buffer_free(outbuf);
> +        }
>          die(msg);
>      }
>  
> 
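
Review bot: The added clamp of outslen to sizeof(msg) deserves a short comment saying why it is there, because the (int)outslen cast in the snprintf call below it relies on it. If outslen is wider than int (its declaration is outside this hunk), an unclamped large value could turn into a negative precision after the cast, and printf treats a negative precision as if none were given, which would bring back the read up to the next NUL byte. Separately, on the unchanged die(msg) line, msg carries bytes copied from outs and is passed as the format pattern; die("%s", msg) would keep any % in the monitor output from being interpreted.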




