Change in ...libosmocore[master]: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun

historical

Vadim Yanitskiy has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/14973 )

Change subject: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun
......................................................................

Patch Set 2:

(1 comment)

https://gerrit.osmocom.org/#/c/14973/2/src/vty/vty.c 
File src/vty/vty.c:

https://gerrit.osmocom.org/#/c/14973/2/src/vty/vty.c@1420 
PS2, Line 1420: 			vty->buf[vty->length] = '\0';
> Just wondering if this affects other functions called in other cases of this switch statement...
Other cases are mostly about handling the control commands, such as Ctrl + D, Ctrl + W, etc. They don't use the buffer pointed by vty->buf. Excluding the cases below: auto-completion and interactive help. They both call cmd_make_strvec(), which seems to be safe against non-terminated input. At least I don't see any warnings from ASAN.

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14973
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78
Gerrit-Change-Number: 14973
Gerrit-PatchSet: 2
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: laforge <laforge at gnumonks.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-Comment-Date: Tue, 30 Jul 2019 12:01:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: pespin <pespin at sysmocom.de>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190730/cf717802/attachment.htm>