Change in ...libosmocore[master]: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun

historical

neels has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/14973 )

Change subject: vty/vty.c: fix vty_read(): prevent further heap-buffer overrun
......................................................................

Patch Set 3:

(1 comment)

https://gerrit.osmocom.org/#/c/14973/3/src/vty/vty.c 
File src/vty/vty.c:

https://gerrit.osmocom.org/#/c/14973/3/src/vty/vty.c@1420 
PS3, Line 1420: 			vty->buf[vty->length] = '\0';
While this might be correct, I wonder if there is a better place for this.
Usually I would expect stuff written to vty->buf and some range checks and assignment to vty->length right before this. Reading this here seems out of context: I don't see any vty->buf or vty->length used in this function. Where is the vty->buf filled with vty->length nr of characters?

If there is no single place like that, maybe it would make sense to put this nul termination into vty_execute()?

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/14973
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I82f774ad18d0e555eb8f3590a519946d9c583c78
Gerrit-Change-Number: 14973
Gerrit-PatchSet: 3
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: laforge <laforge at gnumonks.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-CC: neels <nhofmeyr at sysmocom.de>
Gerrit-Comment-Date: Tue, 30 Jul 2019 16:47:46 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190730/feb9fff4/attachment.htm>