dangerous sprintf( ) usage found in win_serialport_impl.c

hparra / ruby-serialport

ruby-serialport is a Ruby library that provides a class for using RS-232 serial ports

http://rubygems.org/gems/serialport

GNU General Public License v2.0

246 stars 58 forks source link

dangerous sprintf( ) usage found in win_serialport_impl.c #17

Closed asquared closed 14 years ago

asquared commented 14 years ago

The usage of sprintf( ) on lines 94 and 98 of win_serialport_impl.c is dangerous and can crash the Ruby interpreter. Conceivably, the stack buffer overflow could even be used to gain control of the ruby interpreter process. I've rewritten the code to use snprintf( ) instead, which eliminates the overflow possibility.

proof of concept: H:>irb irb(main):001:0> require 'serialport' => true irb(main):002:0> s = SerialPort.new('x'*10000)

H:>

hparra commented 14 years ago

Nice. Yes. There's also one on line 82.

hparra commented 14 years ago

I'll check for sprintf() use in POSIX.

hparra commented 14 years ago

Now found under POSIX. Confirmed working under Windows 7.