From d7393318189ace0a154823b359eb746aa0b36d94 Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Thu, 30 Aug 2012 23:38:54 -0400
Subject: [PATCH] implemented a couple of minor stronger bounds checks
---
 client/config_init.c | 5 +++++
 client/http_resolve_host.c | 6 +++---
 client/spa_comm.c | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/client/config_init.c b/client/config_init.c
index 9e04bcc..5c001fc 100644
--- a/client/config_init.c
+++ b/client/config_init.c
@@ -88,6 +88,11 @@ parse_time_offset(const char *offset_str)
 if (isdigit(offset_str[i])) {
 offset_digits[j] = offset_str[i];
 j++;
+ if(j >= MAX_TIME_STR_LEN)
+ {
+ fprintf(stderr, "Invalid time offset: %s", offset_str);
+ exit(EXIT_FAILURE);
+ }
 } else if (offset_str[i] == 'm' || offset_str[i] == 'M') {
 offset_type = TIME_OFFSET_MINUTES;
 break;
diff --git a/client/http_resolve_host.c b/client/http_resolve_host.c
index 4eaa539..e2a61f8 100644
--- a/client/http_resolve_host.c
+++ b/client/http_resolve_host.c
@@ -46,9 +46,9 @@ struct url {
- char port[6];
- char host[256];
- char path[1024];
+ char port[MAX_PORT_STR_LEN];
+ char host[MAX_URL_HOST_LEN+1];
+ char path[MAX_URL_PATH_LEN+1];
 };
 static int
diff --git a/client/spa_comm.c b/client/spa_comm.c
index 7d70cee..53ba1a3 100644
--- a/client/spa_comm.c
+++ b/client/spa_comm.c
@@ -147,7 +147,7 @@ send_spa_packet_tcp_or_udp(const char *spa_data, const int sd_len,
 hints.ai_protocol = IPPROTO_TCP;
 }
- sprintf(port_str, "%d", options->spa_dst_port);
+ snprintf(port_str, MAX_PORT_STR_LEN, "%d", options->spa_dst_port);
 error = getaddrinfo(options->spa_server_str, port_str, &hints, &result);
-- 
1.7.5.4
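Review bot: The diagnostic added in parse_time_offset() has no trailing newline, so it runs into whatever is printed next on the terminal; `fprintf(stderr, "Invalid time offset: %s\n", offset_str);` fixes that. The guard stops the loop once `j` reaches MAX_TIME_STR_LEN, which keeps the next store to `offset_digits[j]` in range only if the array is declared with at least MAX_TIME_STR_LEN elements. That declaration, and presumably a later terminator write, sit outside this hunk and are worth confirming against the same constant. A one-line comment above the check such as `/* leave room for the terminating NUL */` would record why the test is `>=` rather than `>`.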
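Review bot: In struct url, `port` is sized with MAX_PORT_STR_LEN alone while `host` and `path` get `+1`, so the three constants appear to follow different conventions about counting the terminating NUL. The old `port[6]` held five digits plus NUL, and the new size is only equivalent if MAX_PORT_STR_LEN already includes the terminator; its definition is not visible here. A comment on the struct, for example `/* MAX_PORT_STR_LEN includes the NUL; the host/path limits do not */`, would make that explicit once confirmed. The declarations alone bound nothing, so the code that fills these fields (outside this hunk) needs to limit its copies with the same constants.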
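Review bot: The new snprintf() call in send_spa_packet_tcp_or_udp() takes its limit from the macro rather than from the buffer, and discards the return value. The declaration of `port_str` is outside the hunk; if it is an array, `snprintf(port_str, sizeof(port_str), "%d", options->spa_dst_port);` keeps the bound tied to the real storage even if the declaration changes later. Because `spa_dst_port` is formatted with `%d`, an out-of-range value would be truncated silently and getaddrinfo() would then be handed a different port than the one configured. Capturing the result and failing on `rv < 0 || rv >= (int)sizeof(port_str)` would surface that instead of sending the SPA packet to the wrong port.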