From: erickson Date: Thu, 3 May 2007 15:10:06 +0000 (+0000) Subject: committing scott m's buffer protection patch X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=97fd01b72131dfba75cc38e62e7cb4e509481dc6;p=Evergreen.git committing scott m's buffer protection patch git-svn-id: svn://svn.open-ils.org/ILS/trunk@7195 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- diff --git a/OpenSRF/src/libstack/osrf_app_session.c b/OpenSRF/src/libstack/osrf_app_session.c index e3bfe5cbaf..2bc03da45f 100644 --- a/OpenSRF/src/libstack/osrf_app_session.c +++ b/OpenSRF/src/libstack/osrf_app_session.c @@ -188,22 +188,29 @@ osrf_app_session* osrf_app_client_session_init( char* remote_service ) { session->transport_handle = osrf_system_get_transport_client(); if( session->transport_handle == NULL ) { osrfLogWarning( OSRF_LOG_MARK, "No transport client for service 'client'"); + free( session ); return NULL; } char target_buf[512]; - memset(target_buf,0,512); + target_buf[ 0 ] = '\0'; osrfStringArray* arr = osrfNewStringArray(8); osrfConfigGetValueList(NULL, arr, "/domains/domain"); char* domain = osrfStringArrayGetString(arr, 0); char* router_name = osrfConfigGetValue(NULL, "/router_name"); - sprintf( target_buf, "%s@%s/%s", router_name, domain, remote_service ); + int len = snprintf( target_buf, 512, "%s@%s/%s", router_name, domain, remote_service ); osrfStringArrayFree(arr); //free(domain); free(router_name); + if( len >= sizeof( target_buf ) ) { + osrfLogWarning( OSRF_LOG_MARK, "Buffer overflow for remote_id"); + free( session ); + return NULL; + } + session->request_queue = osrfNewList(); session->request_queue->freeItem = &_osrf_app_request_free; session->remote_id = strdup(target_buf);
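Review bot: `router_name` and `domain` are passed to the `%s` conversions of the new `snprintf` call with no NULL check between the config lookups and the format, so a missing `/router_name` or an empty `/domains/domain` list would be undefined behaviour rather than a logged failure; this assumes `osrfConfigGetValue` and `osrfStringArrayGetString` return NULL when nothing is found, which the hunk does not show. A guard right after the `router_name` lookup that releases `arr`, `router_name` and `session` and returns NULL would keep this path consistent with the two error returns the patch adds. Separately, the truncation test compares an `int` with a `size_t`, so a negative return from `snprintf` is caught only through the implicit conversion; `if( len < 0 || (size_t) len >= sizeof( target_buf ) )` states the intent, and passing `sizeof( target_buf )` instead of the literal 512 keeps the bound tied to the array. The function starts and ends outside the hunk, so whether `session` owns other allocations by this point, or `remote_service` is validated earlier, cannot be seen here.

```c
	char* router_name = osrfConfigGetValue(NULL, "/router_name");
	if( !router_name || !domain ) {
		osrfLogWarning( OSRF_LOG_MARK, "Missing router name or domain for remote_id");
		osrfStringArrayFree(arr);
		free(router_name);	/* free(NULL) is a no-op */
		free( session );
		return NULL;
	}
	// … unchanged: snprintf into target_buf, array/router_name cleanup, truncation check …
```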