Fixed buffer overflow. - Githubissues

eriksl / streamproxy

This stream proxy can replace the streamproxy, transtreamproxy and filestreamproxy on VU+ receiver. Care has been taken to always fetch all bufferend data, so the transcoding engine won't crash.

Other

11 stars 14 forks source link

Fixed buffer overflow. #5

Closed WanWizard closed 5 years ago

WanWizard commented 5 years ago

Some enigma2 config keys, like "config.misc.pluginbrowser.plugin_order" or "config.movielist.videodirs", can easily exceed 1024 characters, causing a "user.warn streamproxy: line does not contain delimiter" parse error in the log.

eriksl commented 5 years ago

Strictly it's no a buffer overflow, it's a string truncation ;-) No buffer overflows in my code!

The better approach might be to keep the buffer length (or even decrease it) and skip the line altogether because the lines that tend to be long are not interesting to us.

WanWizard commented 5 years ago

Semantics. ;-)

Not sure how you want to approach detecting such lines, so I'll leave that up to you.

eriksl commented 5 years ago

Working on it right now!

Buffer overflow = bug = security risk Buffer truncation = unavoidable limitation = no security risk

So rather relevant imho.

WanWizard commented 5 years ago

Ok. This one can be closed then.

eriksl commented 5 years ago

Fixed otherwise. Changed fixed buffer size of 1024 to variable buffers of 2 * 64 bytes (which is enough for us). In the process, get rid of fgets with it's not always preferred behaviour.

commit dd431f92e421b7096c2fa77657e35451edf8119a (HEAD -> master, origin/master, origin/HEAD) Author: Erik Slagter erik@openpli.org Date: 4 minutes ago