Slashdot Mirror


User: kirby81_it

kirby81_it's activity in the archive.


Comments · 1

  1. There's a buffer overflow even in the fix... on Mac OS X Buffer Overflow Found · Score: 2, Informative

    argv[2] gets strcat-ted with DEVICE_PREFIX:

    DEVICE_PREFIX = "/dev/"
    strcpy( &myDeviceName[0], DEVICE_PREFIX );
    strcat( &myDeviceName[0], argv[2] );

    and myDeviceName is declared as a 0..255 array.

    So the right check should be:

    myDeviceLength > 250

    Even worse, there's the following code after the strcpy-strcat couple:

    strcpy( &myRawDeviceName[0], RAW_DEVICE_PREFIX );
    strcat( &myRawDeviceName[0], argv[2] );

    and
    RAW_DEVICE_PREFIX = "/dev/r"

    myDeviceLength should not be more than 249 characters long.

    So the right code should be:

    myDeviceLength = strlen( argv[2] );
    // Added check for lengths of myDeviceName over 255 chars; 16/12/2003 Namu
    if (( myDeviceLength < 2 ) || (myDeviceLength > 249))
    {
        goto ExitThisRoutine;
    }
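
Added example, not part of kirby81_it's comment or of the utility's own source: the 249 limit from the comment derived from the buffer size and the longer prefix rather than hard-coded, with `snprintf` rejecting any argument that would not fit. `NAME_BUF_SIZE`, the function names and the constructed test strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEVICE_PREFIX     "/dev/"
#define RAW_DEVICE_PREFIX "/dev/r"
#define NAME_BUF_SIZE     256  /* assumed from the "0..255 array" in the comment */

/* Largest argument that fits both names: size - longest prefix - NUL. */
size_t max_arg_len(size_t size)
{
    return size - (sizeof(RAW_DEVICE_PREFIX) - 1) - 1;
}

/* Write prefix+name into dst; 0 on success, -1 if it would be truncated. */
static int build_path(char *dst, size_t size, const char *prefix, const char *name)
{
    int n = snprintf(dst, size, "%s%s", prefix, name);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* Hypothetical wrapper: fill both names or reject the argument. */
int make_device_names(const char *arg, char *dev, char *raw, size_t size)
{
    if (arg == NULL || strlen(arg) < 2)  /* lower bound kept from the quoted check */
        return -1;
    if (build_path(dev, size, DEVICE_PREFIX, arg) != 0 ||
        build_path(raw, size, RAW_DEVICE_PREFIX, arg) != 0)
        return -1;
    return 0;
}

/* Constructed input: n copies of 'a'. Returns 1 if accepted, 0 if rejected. */
int accepts_len(size_t n)
{
    char arg[512], dev[NAME_BUF_SIZE], raw[NAME_BUF_SIZE];
    if (n >= sizeof(arg)) return 0;
    memset(arg, 'a', n);
    arg[n] = '\0';
    return make_device_names(arg, dev, raw, sizeof(dev)) == 0;
}

int main(void)
{
    printf("max=%zu ok249=%d ok250=%d\n", max_arg_len(NAME_BUF_SIZE), accepts_len(249), accepts_len(250));
    return 0;
}
```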