From f2b011038064e4f90b9c20a18f05e9a370ecb48c Mon Sep 17 00:00:00 2001 From: nirenjan Date: Sun, 7 Nov 2021 15:07:10 -0800 Subject: [PATCH] Allow upto 1024 arguments Prior to this change, it was possible for a malicious client to send a buffer of 1024 NUL bytes, which would cause the parser to overflow the argv array and eventually crash the program. This change makes the length of the argv array the same as the length of the recv buffer, which means that even an input of all 0 bytes would not cause any issues. The client would just get a bunch of ERR responses in return. --- daemon/x52d_command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/x52d_command.c b/daemon/x52d_command.c index aa5ed66..fb5962b 100644 --- a/daemon/x52d_command.c +++ b/daemon/x52d_command.c @@ -298,7 +298,7 @@ static void cmd_config(char *buffer, int *buflen, int argc, char **argv) static void command_parser(char *buffer, int *buflen) { int argc = 0; - char *argv[512] = { 0 }; + char *argv[1024] = { 0 }; int i = 0; while (i < *buflen) {