replace strlen() call with strnlen() and MAX_SPA_ENCODED_MSG_SIZE bound
authorMichael Rash <mbr@cipherdyne.org>
Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 27 Jul 2012 06:06:58 +0000 (02:06 -0400)
lib/fko_encode.c

index 2adb42f..5a28b6e 100644 (file)
 static int
 append_b64(char* tbuf, char *str)
 {
-    int   len = strlen(str);
+    int   len = strnlen(str, MAX_SPA_ENCODED_MSG_SIZE);
     char *bs;
 
+    if(len >= MAX_SPA_ENCODED_MSG_SIZE)
+        return(FKO_ERROR_INVALID_DATA);
+
     bs = malloc(((len/3)*4)+8);
     if(bs == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
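Review bot: The added check `if(len >= MAX_SPA_ENCODED_MSG_SIZE)` bounds only the source string, so whether the encoded result still fits in `tbuf` depends on code after the `malloc` that this hunk does not show. `append_b64` takes no destination size and its body continues outside the hunk, so that is worth confirming at the append site. The `>=` comparison is correct but non-obvious, because `strnlen` returns the bound itself when no NUL is found within it; a comment such as `/* len == bound means str is oversized or unterminated */` above the check would record that. `strnlen` is POSIX rather than ISO C, so a fallback is needed if the library is built on platforms that lack it, and `len` could be declared `size_t` to match its return type.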