Closed lxv closed 6 months ago
Please only change the conditional in this PR, i.e. one line change.
On May 5, 2024, at 18:01, Alex Vasylenko @.***> wrote:
An excessively long remote command may get truncated by 'vsnprintf()' call in L87 which may go unnoticed by the incorrect check in L89 resulting in two bytes written beyond 'char cmd[4096]' array with 'strcat()' in L95 that assumes enough space was left in the buffer to append "\r\n"

Includes and are not used in this file - removed; missing '#include ' (needed for va_start/va_end()) and '#include ' (needed for vsnprintf()) added.

Commit Summary
• dcc8767 net.c: properly check result of vsnprintf() in 'send_remote_command()'

File Changes (1 file)
• M net.c (6)

Patch Links:
• https://github.com/corecode/dma/pull/134.patch
• https://github.com/corecode/dma/pull/134.diff
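The return-value check this pull request is about, as an added example that is not code from dma's net.c or from the PR: vsnprintf() returns the length the full output would need, so truncation has to be detected with `>=`, not with an equality test. The function names, the equality form of the flawed check, the two reserved bytes and the sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed flawed check: only an exact match is treated as "too long". */
int truncated_flawed(int s, size_t room)
{
    return s < 0 || (size_t)s == room;
}

/* vsnprintf() returns the length the complete output needs (without the
 * NUL), so the output was truncated whenever that length is >= room. */
int truncated_correct(int s, size_t room)
{
    return s < 0 || (size_t)s >= room;
}

/* Hypothetical helper: format into out[outsz], append "\r\n".
 * Returns the final length, or -1 if the command does not fit. */
int format_crlf(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int s;

    if (outsz < 3)
        return -1;
    room = outsz - 2;               /* keep two bytes for "\r\n" */
    va_start(ap, fmt);
    s = vsnprintf(out, room, fmt, ap);
    va_end(ap);
    if (truncated_correct(s, room))
        return -1;
    memcpy(out + s, "\r\n", 3);     /* CR, LF and the terminating NUL */
    return s + 2;
}

int main(void)
{
    char cmd[16];                   /* constructed small buffer */
    const char *longarg = "a-constructed-overlong-argument";
    int s = snprintf(cmd, sizeof(cmd) - 2, "RCPT TO:<%s>", longarg);

    printf("reported=%d flawed=%d correct=%d\n", s,
           truncated_flawed(s, sizeof(cmd) - 2),
           truncated_correct(s, sizeof(cmd) - 2));
    printf("format_crlf=%d\n", format_crlf(cmd, sizeof(cmd), "MAIL FROM:<%s>", longarg));
    return 0;
}
```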