committing scott m's buffer protection patch

git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@872 9efc2488-bf62-4759-914b-345cdb29e865

diff --git a/src/libstack/osrf_app_session.c b/src/libstack/osrf_app_session.c
index e3bfe5c..2bc03da 100644 (file)
--- a/src/libstack/osrf_app_session.c
+++ b/src/libstack/osrf_app_session.c
@@ -188,22 +188,29 @@ osrf_app_session* osrf_app_client_session_init( char* remote_service ) {
        session->transport_handle = osrf_system_get_transport_client();
        if( session->transport_handle == NULL ) {
                osrfLogWarning( OSRF_LOG_MARK, "No transport client for service 'client'");
+               free( session );
                return NULL;
        }
 
        char target_buf[512];
-       memset(target_buf,0,512);
+       target_buf[ 0 ] = '\0';
 
        osrfStringArray* arr = osrfNewStringArray(8);
        osrfConfigGetValueList(NULL, arr, "/domains/domain");
        char* domain = osrfStringArrayGetString(arr, 0);
        char* router_name = osrfConfigGetValue(NULL, "/router_name");
        
-       sprintf( target_buf, "%s@%s/%s",  router_name, domain, remote_service );
+       int len = snprintf( target_buf, 512, "%s@%s/%s",  router_name, domain, remote_service );
        osrfStringArrayFree(arr);
        //free(domain);
        free(router_name);
 
+       if( len >= sizeof( target_buf ) ) {
+               osrfLogWarning( OSRF_LOG_MARK, "Buffer overflow for remote_id");
+               free( session );
+               return NULL;
+       }
+
        session->request_queue = osrfNewList();
        session->request_queue->freeItem = &_osrf_app_request_free;
        session->remote_id = strdup(target_buf);