davidmoreno / onion

C library to create simple HTTP servers and Web Applications.
http://www.coralbits.com/libonion/

Randomly generated UUID can contain `'\0'` #301

Closed Bogdanisar closed 2 years ago

Bogdanisar commented 2 years ago

Hi, I've run some static code analysis on the project and noticed the following code snippet in `examples/oterm/oterm_handler.c:263`:

```c
const char random_chars[] = "0123456789abcdef-";
for (i = 0; i < sizeof(oterm->uuid) - 1; i++) {
    oterm->uuid[i] = random_chars[rand() % sizeof(random_chars)];
}
```

`oterm->uuid` is defined as `char uuid[37];`. Because we are using `rand() % sizeof(random_chars)` instead of `rand() % strlen(random_chars)`, that would mean the code can also get the `'\0'` character from the end of the `random_chars` C-string. Wouldn't that effectively mean that the `oterm->uuid` C-string can have fewer than 36 characters (because there would be a `'\0'` in the middle)?

Is this the intended behaviour?

davidmoreno commented 2 years ago

No, it's not the intended behaviour, it should be a `sizeof()-1` (better than `strlen`, as it's guaranteed to be known at compile time). Can you make a pull request with the change?

Bogdanisar commented 2 years ago

Yes, will do.
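
The off-by-one discussed in this thread, as an added example that is not part of the original comments or of the onion code base: it fills a 37-byte buffer with the reported modulus and with the `sizeof - 1` modulus suggested in the reply, and computes how often the reported version truncates the identifier. `counting_rand`, `fill_and_measure` and the other function names are hypothetical, the counter replaces `rand()` so the run is deterministic, and the fraction assumes every index is equally likely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UUID_SIZE 37 /* matches the char uuid[37] quoted in the issue */

static const char random_chars[] = "0123456789abcdef-"; /* 17 chars + NUL */

/* Constructed stand-in for rand(): returns 0, 1, 2, ... so that every index
 * the modulus permits is reached deterministically. */
static unsigned next_value;
static int counting_rand(void) { return (int)next_value++; }

/* Fill the buffer using the given modulus and return the resulting strlen().
 * The last byte is terminated here so that strlen() is always defined. */
static size_t fill_and_measure(size_t modulus) {
    char uuid[UUID_SIZE];
    size_t i;
    next_value = 0;
    for (i = 0; i < sizeof(uuid) - 1; i++)
        uuid[i] = random_chars[(size_t)counting_rand() % modulus];
    uuid[sizeof(uuid) - 1] = '\0';
    return strlen(uuid);
}

/* Modulus from the reported snippet: sizeof counts the terminator (18). */
size_t buggy_length(void) { return fill_and_measure(sizeof(random_chars)); }

/* Modulus suggested in the reply: sizeof - 1 excludes the terminator (17). */
size_t fixed_length(void) { return fill_and_measure(sizeof(random_chars) - 1); }

/* Share of identifiers with at least one embedded NUL under the buggy
 * modulus, assuming each index is equally likely: 1 - (17/18)^36. */
double truncated_fraction(void) {
    double all_ok = 1.0;
    size_t i;
    for (i = 0; i < UUID_SIZE - 1; i++)
        all_ok *= (double)(sizeof(random_chars) - 1) / sizeof(random_chars);
    return 1.0 - all_ok;
}

int main(void) {
    printf("buggy strlen: %zu\n", buggy_length());
    printf("fixed strlen: %zu\n", fixed_length());
    printf("truncated fraction: %.3f\n", truncated_fraction());
    return 0;
}
```

Under the uniform assumption, roughly 87% of identifiers produced with the reported modulus contain an embedded `'\0'`, so any comparison that uses C-string functions sees a shorter value than intended.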