generic-library/libupnp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Replace sprintf by snprintf in http_WriteHttpPost

Browse Source 
Replace sprintf by snprintf in http_WriteHttpPost to avoid buffer
overflow.
This commit is contained in:
Fabrice Fontaine 2012-03-18 16:14:41 +01:00
parent e13ffe3bf8
commit a04c36f47e
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -2,6 +2,13 @@
Version 1.6.16
*******************************************************************************
2012-03-18 Fabrice Fontaine <fabrice.fontaine(at)orange.com>
Replace sprintf by snprintf in http_WriteHttpPost
Replace sprintf by snprintf in http_WriteHttpPost to avoid buffer
overflow.
2012-03-18 Fabrice Fontaine <fabrice.fontaine(at)orange.com>
Add infoSize parameter to get_sdk_info

8
upnp/src/genlib/net/http/httpreadwrite.c
View File

@ -875,13 +875,13 @@ int http_WriteHttpPost( IN void *Handle,
}
if (handle->contentLength == UPNP_USING_CHUNKED) {
if (*size) {
size_t tempSize = (size_t)0;
tempbuf = malloc(*size +
CHUNK_HEADER_SIZE + CHUNK_TAIL_SIZE);
size_t tempSize = *size +
CHUNK_HEADER_SIZE + CHUNK_TAIL_SIZE;
tempbuf = malloc(tempSize);
if (!tempbuf)
return UPNP_E_OUTOF_MEMORY;
/* begin chunk */
sprintf(tempbuf, "%" PRIzx "\r\n", *size);
snprintf(tempbuf, tempSize, "%" PRIzx "\r\n", *size);
tempSize = strlen(tempbuf);
memcpy(tempbuf + tempSize, buf, *size);
memcpy(tempbuf + tempSize + *size, "\r\n", (size_t)2);