replace strlen() call with strnlen() and MAX_SPA_ENCODED_MSG_SIZE bound

author Michael Rash <mbr@cipherdyne.org>

Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)

committer Michael Rash <mbr@cipherdyne.org>

Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
author Michael Rash <mbr@cipherdyne.org>
Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
committer Michael Rash <mbr@cipherdyne.org>
Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
diff --git a/lib/fko_encode.c b/lib/fko_encode.c

index 2adb42f..5a28b6e 100644 (file)
--- a/lib/fko_encode.c
+++ b/lib/fko_encode.c
@@ -41,9 +41,12 @@
 static int
 append_b64(char* tbuf, char *str)
 {
-    int   len = strlen(str);
+    int   len = strnlen(str, MAX_SPA_ENCODED_MSG_SIZE);
     char *bs;
 
+    if(len >= MAX_SPA_ENCODED_MSG_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
     bs = malloc(((len/3)*4)+8);
     if(bs == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
author	Michael Rash <mbr@cipherdyne.org>
	Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
committer	Michael Rash <mbr@cipherdyne.org>
	Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)