mirror
/
libx52
mirror of https://github.com/nirenjan/libx52.git
1
0
Fork 0
Code Releases Wiki Activity

Allow upto 1024 arguments 

Prior to this change, it was possible for a malicious client to send a
buffer of 1024 NUL bytes, which would cause the parser to overflow the
argv array and eventually crash the program.

This change makes the length of the argv array the same as the length of
the recv buffer, which means that even an input of all 0 bytes would not
cause any issues. The client would just get a bunch of ERR responses in
return.
reverse-scroll
nirenjan 2021-11-07 15:07:10 -08:00
parent 87bf5881dd
commit f2b0110380
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daemon/x52d_command.c
View File

@ -298,7 +298,7 @@ static void cmd_config(char *buffer, int *buflen, int argc, char **argv)
static void command_parser(char *buffer, int *buflen)
{
int argc = 0;
char *argv[512] = { 0 };
char *argv[1024] = { 0 };
int i = 0;
while (i < *buflen) {