Techwizz/pvpgn-server
1
0
Fork 0
Code Issues 68 Pull requests 2 Projects Releases 8 Packages Wiki Activity Actions

Pass 'sizeof(mybuf) - 1' as the size of 'mybuf' in get_cmd_line().

Browse source 
This fixes an out-of-bounds access when recv() writes exactly 256 bytes into 'mybuf' and the subsequent code accesses or writes to the byte following the end of the 'mybuf' array.
This commit is contained in:
relesgoe 2021-03-16 17:53:10 -07:00
parent b01c4f661d
commit 3b74b2d1d6
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/d2gs/telnetd.cpp
View file

@ -424,7 +424,7 @@ namespace pvpgn
continue; continue;
} }
if (admin_to_stop()) return -1; if (admin_to_stop()) return -1;
if ((bytes=recv(ns, mybuf, sizeof(mybuf), 0))<=0) if ((bytes=recv(ns, mybuf, sizeof(mybuf) - 1, 0))<=0)
return -1; return -1;
timeoutcount = 0; timeoutcount = 0;
*(mybuf+bytes) = '\0'; *(mybuf+bytes) = '\0';