ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

isHeartBeatMsg may have a buffer overflow #118

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In looking at isHeartBeatMsg, I noticed that when you zero out and then strncpy
the data, you don't take the minimum of strlen(msg) or the size of the
array; thus, if msg is larger than parseArray, then even though you specify the
amount to copy, you could overflow.

    // Zero out our local buffer.
    memset(parseArray, 0, sizeof(parseArray));
    strncpy(parseArray, msg, strlen(msg));
    tmp = parseArray;

A better idea is to take the smaller of the two, strlen(msg) and
strlen(parseArray), as the number to copy.

Original issue reported on code.google.com by sck.no...@gmail.com on 26 Nov 2012 at 10:09
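
A bounded version of the copy discussed in the report above, as an added example that is not part of the original issue or the all-eyes code. The buffer size, the helper names and the `HEARTBEAT` prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PARSE_ARRAY_SIZE 16 /* assumed; the issue does not give the real size */

/* Hypothetical helper: copy msg into dst, whose capacity is dst_size bytes
 * including the terminator. Returns 0 on success, -1 if msg is NULL or does
 * not fit. On failure dst is an empty string, so a caller never parses a
 * silently truncated message. */
static int copy_msg_bounded(char *dst, size_t dst_size, const char *msg)
{
    const char *end;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (msg == NULL)
        return -1;

    /* The bound is the destination's capacity (sizeof at the call site).
     * strlen(msg) only describes the source, and strlen() of a buffer that
     * was just zeroed is 0, so neither can serve as the limit. */
    end = memchr(msg, '\0', dst_size);
    if (end == NULL)
        return -1;              /* no terminator within capacity: too long */
    len = (size_t)(end - msg);

    memcpy(dst, msg, len + 1);  /* len + 1 <= dst_size, includes the NUL */
    return 0;
}

/* Stand-in for the start of isHeartBeatMsg; "HEARTBEAT" is a constructed
 * sample prefix, not the project's message format. */
static int is_heartbeat_example(const char *msg)
{
    char parseArray[PARSE_ARRAY_SIZE];

    if (copy_msg_bounded(parseArray, sizeof(parseArray), msg) != 0)
        return 0;               /* oversized input is rejected, not copied */
    return strncmp(parseArray, "HEARTBEAT", 9) == 0;
}

int main(void)
{
    printf("%d\n", is_heartbeat_example("HEARTBEAT:42"));
    printf("%d\n", is_heartbeat_example("HEARTBEAT:0123456789abcdef0123"));
    return 0;
}
```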

GoogleCodeExporter commented 8 years ago
This is an invalid bug, as this code is ifdefed out and not in use; it never
gets compiled and executed. The only reason why this code is kept is to
explore later for a better implementation.

Marking this bug invalid,
ravi.

Original comment by ravt...@gmail.com on 27 Nov 2012 at 1:43