File: sprintf_overflow

binkd 1.1a-111-1
--- a/readcfg.c
+++ b/readcfg.c
@@ -2034,7 +2034,7 @@ static char *describe_addrtype(addrtype
 #ifdef BW_LIM
 char *describe_rate(long rate)
 {
-  static char buf[12];
+  static char buf[20];
   int c;
   if (rate == 0) return "-";
   else if (rate < 0) c = sprintf(buf, "%ld%%", -rate);
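Review bot: `buf[20]` is still one byte short for the widest value the `rate < 0` branch can print where `long` is 64 bits: 19 digits, the `%` and the terminator need 21 bytes, so the unbounded `sprintf` can still write past the static buffer. Bounding the write removes the dependence on the chosen array size, e.g. `c = snprintf(buf, sizeof buf, "%ld%%", -rate);`, ideally with the buffer sized from the type rather than a hand-picked constant. Separately, `-rate` is signed overflow when `rate` equals `LONG_MIN`, which a range check before the negation would cover. The remaining branches of describe_rate are outside the hunk and presumably need the same bounded call.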
--- a/client.c
+++ b/client.c
@@ -369,7 +369,7 @@ static int call0 (FTN_NODE *node, BINKD_
   if (use_proxy)
   {
     char *sp, *sport;
-    strncpy(host, proxy[0] ? proxy : socks, sizeof(host));
+    strncpy(host, proxy[0] ? proxy : socks, sizeof(host) - 1);
     if ((sp=strchr(host, ':')) != NULL)
     {
       *sp++ = '\0';
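Review bot: Copying `sizeof(host) - 1` bytes keeps `strncpy` from filling the whole array, but it never writes the last byte, so `host` is NUL-terminated only if that byte was already zero; the declaration and any initialisation of `host` are outside the hunk, as are the start and end of call0. If `host` is not zeroed beforehand, the `strchr(host, ':')` on the next line can read past the array whenever the proxy or socks string is at least `sizeof(host) - 1` bytes long. Adding `host[sizeof(host) - 1] = '\0';` directly after the copy, or replacing the copy with `snprintf(host, sizeof(host), "%s", proxy[0] ? proxy : socks);`, makes termination unconditional. An over-long value is also truncated silently here, so rejecting it with a logged error would be clearer than connecting to a shortened host name.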