deac/osd-contiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
osd-contiki/core
History
Joakim Gebart 24d15ad9a5 core/net/ip: Prevent (tiny) buffer overflow in resolv_found() 
An off-by-one error in resolv_found() could make an strncat() call
overflow by the terminating null byte.

When building with Clang the following warning was shown:

../../../core/net/ip/resolv.c:1458:17: warning: the value of the
      size argument in 'strncat' is too large, might lead to a
      buffer overflow [-Wstrncat-size]
                sizeof(resolv_hostname) - strlen(resolv_hostname));
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../core/net/ip/resolv.c:1458:17: note: change the argument to
      be the free space in the destination buffer minus the
      terminating null byte
                sizeof(resolv_hostname) - strlen(resolv_hostname));
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                sizeof(resolv_hostname) - strlen(resolv_hostname) - 1

Signed-off-by: Joakim Gebart <joakim.gebart@eistec.se>
2014-10-02 12:52:39 +02:00
..
cfs Do not copy more bytes than the filename string contains. 2014-06-11 14:10:00 +02:00
ctk Moved the ctk files from core/lib into core/lib/ and core/lib/libconio 2014-01-26 23:20:46 +01:00
dev Merge pull request #511 from ADVANSEE/leds 2014-06-11 22:37:34 +02:00
lib Merge pull request #612 from nfi/assert 2014-06-11 15:43:17 +02:00
loader Changed the parameter 'char * data' of process_start to the 2014-06-12 13:40:28 +02:00
net core/net/ip: Prevent (tiny) buffer overflow in resolv_found() 2014-10-02 12:52:39 +02:00
sys Merge pull request #722 from royscheefhals/contiki-fix 2014-07-28 22:04:36 +02:00
contiki-default-conf.h Add UIP_CONF_ND6_SEND_NA to contiki-default-conf.h 2014-05-05 19:52:52 +02:00
contiki-lib.h A massive all-tree automated update of all double inclusion guard #defines that changes from using two underscores as a prefix, which are reserved, to not using two underscores as a prefix 2013-11-24 20:20:11 +01:00
contiki-net.h Include udp-socket.h and tcp-socket.h by default in all applications that include contiki-net.h 2014-04-09 22:01:18 +02:00
contiki-version.h Bumped the version number from 2.6 to 3.x, which is to be used in the development branch 2013-12-12 17:33:18 +01:00
contiki.h A massive all-tree automated update of all double inclusion guard #defines that changes from using two underscores as a prefix, which are reserved, to not using two underscores as a prefix 2013-11-24 20:20:11 +01:00