From 4207df9cc84a2ad46e449960cfefffaee090bd95 Mon Sep 17 00:00:00 2001
From: erickson
Date: Thu, 3 May 2007 15:10:06 +0000
Subject: [PATCH] committing scott m's buffer protection patch

git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@872 9efc2488-bf62-4759-914b-345cdb29e865
---
 src/libstack/osrf_app_session.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/libstack/osrf_app_session.c b/src/libstack/osrf_app_session.c
index e3bfe5c..2bc03da 100644
--- a/src/libstack/osrf_app_session.c
+++ b/src/libstack/osrf_app_session.c
@@ -188,22 +188,29 @@ osrf_app_session* osrf_app_client_session_init( char* remote_service ) {
 session->transport_handle = osrf_system_get_transport_client();
 if( session->transport_handle == NULL ) {
 osrfLogWarning( OSRF_LOG_MARK, "No transport client for service 'client'");
+ free( session );
 return NULL;
 }
 char target_buf[512];
- memset(target_buf,0,512);
+ target_buf[ 0 ] = '\0';
 osrfStringArray* arr = osrfNewStringArray(8);
 osrfConfigGetValueList(NULL, arr, "/domains/domain");
 char* domain = osrfStringArrayGetString(arr, 0);
 char* router_name = osrfConfigGetValue(NULL, "/router_name");
- sprintf( target_buf, "%s@%s/%s", router_name, domain, remote_service );
+ int len = snprintf( target_buf, 512, "%s@%s/%s", router_name, domain, remote_service );
 osrfStringArrayFree(arr);
 //free(domain);
 free(router_name);
+ if( len >= sizeof( target_buf ) ) {
+ osrfLogWarning( OSRF_LOG_MARK, "Buffer overflow for remote_id");
+ free( session );
+ return NULL;
+ }
+
 session->request_queue = osrfNewList();
 session->request_queue->freeItem = &_osrf_app_request_free;
 session->remote_id = strdup(target_buf);
-- 
2.11.0
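Review bot: The truncation check `if( len >= sizeof( target_buf ) )` compares an `int` with a `size_t`, so a negative snprintf() return is rejected only because it converts to a very large unsigned value, and the comparison will draw a sign-mismatch warning. I would make both cases explicit and take the size from the buffer instead of repeating the literal 512: `int len = snprintf( target_buf, sizeof( target_buf ), "%s@%s/%s", router_name, domain, remote_service );` followed by `if( len < 0 || (size_t) len >= sizeof( target_buf ) ) {`. Separately, `router_name` and `domain` are passed to `%s` unchecked; if osrfConfigGetValue() or osrfStringArrayGetString() can return NULL when the config entry is missing (their definitions are not visible here), that is undefined behaviour and needs a guard before the format call. The log text "Buffer overflow for remote_id" describes a truncation that was prevented rather than an overflow, and including `remote_service` in it would make the warning actionable. The function body starts and ends outside this hunk, so whether `session` owns other allocations at the two new `free( session )` sites cannot be confirmed from here.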