eBay / NuRaft

C++ implementation of Raft core logic as a replication library
Apache License 2.0

buffer overflow vulnerability #403

Open cbucher opened 1 year ago

cbucher commented 1 year ago

Hi,

The sprintf function is used in several places, including here in raft_server.cxx:

        sprintf( temp_buf,
                 "peer %d: DC ID %d, %s, %s, %d\n",
                 (int)cur_srv->get_id(),
                 (int)cur_srv->get_dc_id(),
                 cur_srv->get_endpoint().c_str(),
                 cur_srv->is_learner() ? "learner" : "voting member",
                 cur_srv->get_priority() );

The echo_server in the examples folder provides vulnerable code:

image

Regards

greensky00 commented 1 year ago

Yes, need to replace sprintf with snprintf, or just get rid of it and use stringstream instead.
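
The two replacements suggested in the comment above, sketched as an added example (not code from NuRaft or from the linked pull request). The `PeerInfo` struct, the function names and the 64-byte buffer size are hypothetical stand-ins for the fields and `temp_buf` in the snippet from the issue.

```cpp
#include <cstddef>
#include <cstdio>
#include <sstream>
#include <string>

// Hypothetical stand-in for the values printed by the snippet in the issue.
struct PeerInfo {
    int id;
    int dc_id;
    std::string endpoint;  // length is not bounded by the format string
    bool learner;
    int priority;
};

// Option 1: snprintf writes at most `cap` bytes including the terminating NUL.
// Its return value is the length the full line would have needed, so a value
// >= cap means the output was truncated and the caller should handle that.
bool format_peer_bounded(const PeerInfo& p, char* buf, std::size_t cap) {
    int n = std::snprintf(buf, cap, "peer %d: DC ID %d, %s, %s, %d\n",
                          p.id, p.dc_id, p.endpoint.c_str(),
                          p.learner ? "learner" : "voting member",
                          p.priority);
    return n >= 0 && static_cast<std::size_t>(n) < cap;
}

// Option 2: a string stream grows as needed, so there is no fixed buffer.
std::string format_peer_stream(const PeerInfo& p) {
    std::ostringstream ss;
    ss << "peer " << p.id << ": DC ID " << p.dc_id << ", " << p.endpoint
       << ", " << (p.learner ? "learner" : "voting member") << ", "
       << p.priority << "\n";
    return ss.str();
}

int main() {
    char temp_buf[64];  // assumed size, chosen small for the demonstration
    PeerInfo normal{1, 0, "10.0.0.1:9000", false, 1};             // constructed
    PeerInfo oversized{2, 0, std::string(200, 'a') + ":9000", true, 1};

    bool fit = format_peer_bounded(normal, temp_buf, sizeof(temp_buf));
    std::printf("fit=%d %s", fit, temp_buf);
    fit = format_peer_bounded(oversized, temp_buf, sizeof(temp_buf));
    std::printf("fit=%d (truncated to %zu bytes)\n", fit, std::string(temp_buf).size());
    std::printf("stream length=%zu\n", format_peer_stream(oversized).size());
    return 0;
}
```

With the oversized endpoint, the bounded version stops at the end of the buffer and reports truncation instead of writing past it; the stream version returns the full line.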

greensky00 commented 1 year ago

https://github.com/eBay/NuRaft/pull/409