svn rev #21992: tools/gssmonger/trunk/gssmaster/
raeburn@MIT.EDU
raeburn at MIT.EDU
Thu Feb 12 19:54:47 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21992
Commit By: raeburn
Log Message:
Check for buffer overrun. Fix signed-char bug leading to buffer overrun.
Changed Files:
U tools/gssmonger/trunk/gssmaster/misc.c
Modified: tools/gssmonger/trunk/gssmaster/misc.c
===================================================================
--- tools/gssmonger/trunk/gssmaster/misc.c 2009-02-13 00:53:47 UTC (rev 21991)
+++ tools/gssmonger/trunk/gssmaster/misc.c 2009-02-13 00:54:47 UTC (rev 21992)
@@ -63,6 +63,7 @@
--*/
+#include <assert.h>
#include "everything.h"
#include "svconn.h"
#include "netutil.h"
@@ -855,10 +856,13 @@
iChar < cbToken ;
iChar ++, pbToken++ ) {
+ assert(HexCursor + 3 - HexContents < sizeof(HexContents));
HexCursor += sprintf( HexCursor,
"%02x ",
- *pbToken );
+ 0xff & *pbToken );
+ assert(HexCursor <= HexContents + sizeof(HexContents));
+ assert(iLine < sizeof(AsciiContents));
if ( isprint( *pbToken ) ) {
AsciiContents[ iLine ] = *pbToken;
} else {
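Review bot: `isprint( *pbToken )` just below the corrected `sprintf` still receives the unmasked byte, so the signed-char problem this commit fixes for the hex column remains for the ASCII column. The declaration of pbToken is outside the hunk, but the `0xff &` fix suggests it points to plain or signed char; in that case a byte of 0x80 or above reaches isprint as a negative value, which is undefined behaviour for the <ctype.h> functions. I would change the test to `if ( isprint( 0xff & *pbToken ) ) {` so both columns handle the byte the same way. The enclosing loop starts and ends outside this hunk.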
@@ -866,14 +870,17 @@
}
iLine++;
+ assert(iLine < sizeof(AsciiContents));
AsciiContents[ iLine ] = '\0';
if ( iChar == cbToken -1 ) {
while ( iLine < CHUNKSIZE ) {
+ assert(HexCursor + 3 - HexContents < sizeof(HexContents));
HexCursor += sprintf( HexCursor,
" " );
+ assert(HexCursor <= HexContents + sizeof(HexContents));
iLine++;
}
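Review bot: The added `assert` calls are the only bounds checks on HexContents and AsciiContents, here and in the previous hunk, and they compile to nothing when the file is built with NDEBUG. If the token bytes and cbToken come from the remote side, as the surrounding code appears to suggest, an over-long line would then overrun the buffers exactly as before. I would back each assert with a check that survives release builds, for example `if ( HexCursor + 3 - HexContents >= sizeof(HexContents) ) break;` ahead of each `sprintf`, with the matching `iLine` test before the AsciiContents stores. The function body continues outside the hunk, so how CHUNKSIZE relates to the two buffer sizes cannot be confirmed from here.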