search

yuanjianjiang / doubango

Automatically exported from code.google.com/p/doubango
0 stars 0 forks source link

Buffer Overflow in tsk_strlen #452

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Turn on Address Sanitizer (new XCode 7 feature)
2. Make a call or send a message
3. ASan will catch the event as buffer overflow.

What is the expected output? What do you see instead?
Expected: Should continue working normally.
What happens: the length of the string is wrong to duplicate as strlen expects 
'\0' null terminator.

What version of the product are you using? On what operating system?
Using on iOS 8.3

Please provide any additional information below.

Similar to tsdp_header.c file -> tsdp_header_serialize method:
ret = tsk_buffer_append(output, "\r\n", 2);
should be 
ret = tsk_buffer_append(output, "\r\n\0", 3);
and all other buffer append methods for strings require the null terminator.

Original issue reported on code.google.com by rac...@voyagerinnovation.com on 19 Jun 2015 at 7:02

GoogleCodeExporter commented 9 years ago

Original comment by boss...@yahoo.fr on 19 Jun 2015 at 11:51