Treat large argument as error in UpnpAddVirtualDir.
This commit is contained in:
Yoichi NAKAYAMA
parent
a0dc3482dc
commit
e4678168fa
@ -6,6 +6,7 @@ Version 1.6.16
|
|||||||
|
|
||||||
Further measures against buffer overflows.
|
Further measures against buffer overflows.
|
||||||
|
|
||||||
|
Treat large argument as error in UpnpAddVirtualDir.
|
||||||
Do not clear buffer before snprintf.
|
Do not clear buffer before snprintf.
|
||||||
|
|
||||||
2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>
|
2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>
|
||||||
|
|||||||
@ -3877,9 +3877,13 @@ int UpnpAddVirtualDir(const char *newDirName)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( *newDirName != '/' ) {
|
if( *newDirName != '/' ) {
|
||||||
|
if (strlen(newDirName) > sizeof(dirName) - 2)
|
||||||
|
return UPNP_E_INVALID_PARAM;
|
||||||
dirName[0] = '/';
|
dirName[0] = '/';
|
||||||
strncpy( dirName + 1, newDirName, sizeof( dirName ) - 2 );
|
strncpy( dirName + 1, newDirName, sizeof( dirName ) - 2 );
|
||||||
} else {
|
} else {
|
||||||
|
if (strlen(newDirName) > sizeof(dirName) - 1)
|
||||||
|
return UPNP_E_INVALID_PARAM;
|
||||||
strncpy( dirName, newDirName, sizeof( dirName ) - 1 );
|
strncpy( dirName, newDirName, sizeof( dirName ) - 1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user