Fixed a potential security bug in http_err. There was a possibility of a

heap overflow exploit.
2001-01-15 17:06:19 +00:00 · 2001-01-15 17:06:19 +00:00 · 2f2d74e9f2
commit 2f2d74e9f2
parent cc704ae7a7
2 changed files with 6 additions and 2 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+2001-01-15  Robert James Kaes  <rjkaes@flarenet.com>
+
+	* src/utils.c (httperr): A heap overflow bug fixed.
+
 2000-12-07  Robert James Kaes  <rjkaes@flarenet.com>

 	* src/thread.c (thread_main_loop): Removed all the weird timing
--- a/src/utils.c
+++ b/src/utils.c
@ -1,4 +1,4 @@
-/* $Id: utils.c,v 1.2 2000-09-12 00:01:29 rjkaes Exp $
+/* $Id: utils.c,v 1.3 2001-01-15 17:06:19 rjkaes Exp $
 *
 * Misc. routines which are used by the various functions to handle strings
 * and memory allocation and pretty much anything else we can think of. Also,
@ -79,7 +79,7 @@ int httperr(struct conn_s *connptr, int err, char *msg)
 		return -1;
 	}

-	sprintf(connptr->output_message, premsg, err, msg, msg, err, msg, VERSION);
+	snprintf(connptr->output_message, MAXBUFFSIZE, premsg, err, msg, msg, err, msg, VERSION);

 	return 0;
 }