Potential buffer overflow in ad (extractor)
By Jzachwieja,
It's nothing major but Open Build System is flagging a potential issue in
server/contrib/extractor/libmpq/parser.cpp:278
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: mangos-one-server bufferoverflowstrncat /usr/src/packages/BUILD/mangos-one-server-git20130413/server/contrib/extractor/libmpq/parser.cpp:278
Perhaps a patch like this would work?
--- server/contrib/extractor/libmpq/parser.cpp 2013-04-13 11:31:10.000000000 +0100
+++ server/contrib/extractor/libmpq/parser.cpp.new 2013-04-13 13:49:04.331002196 +0100
@@ -275,7 +275,7 @@
/* add dummy option to use with libmpq_conf_parse_line() */
strncpy(temp, "MPQ_BUFFER = ", LIBMPQ_CONF_BUFSIZE);
- strncat(temp, line, LIBMPQ_CONF_BUFSIZE);
+ strncat(temp, line, LIBMPQ_CONF_BUFSIZE-strlen(temp)-1);
found = libmpq_conf_parse_line(temp, "MPQ_BUFFER", temp, LIBMPQ_CONF_BUFSIZE);
if (found == 1)
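Review bot: On the changed `strncat` line the new bound stops the write past `temp`, but it now truncates an over-long `line` silently, and the truncated string is then handed to `libmpq_conf_parse_line()` as if it were complete. The expression also relies on the preceding `strncpy` having left `temp` NUL-terminated, which holds only while `LIBMPQ_CONF_BUFSIZE` is larger than the 13-character prefix; otherwise `strlen(temp)` runs off the buffer and the unsigned subtraction wraps. The hunk does not show the declaration of `temp`, so it is worth confirming it really is `LIBMPQ_CONF_BUFSIZE` bytes. Consider replacing both calls with a single `snprintf(temp, LIBMPQ_CONF_BUFSIZE, "MPQ_BUFFER = %s", line)` and treating a return value that is negative or `>= LIBMPQ_CONF_BUFSIZE` as an error instead of parsing a cut-off option.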
It builds. Don't know if it runs. ;)
jzachwieja referenced this issue in mangoszero/server a year ago
[URL="https://github.com/mangoszero/server/issues/40"]Issue #40: Potential buffer overflow in ad(extractor) [/URL]
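The `strncat` rule quoted in the build warning, worked through as an added example (not code from the post or from the mangos project). `CONF_BUFSIZE` is an assumed small stand-in for `LIBMPQ_CONF_BUFSIZE`, and `strncat_extent` and `build_option` are hypothetical helpers; the first computes how far each call would write without actually overflowing anything.

```c
#include <stdio.h>
#include <string.h>

#define CONF_BUFSIZE 32  /* assumed demo size, stands in for LIBMPQ_CONF_BUFSIZE */
#define PREFIX "MPQ_BUFFER = "
#define LONG_LINE "0123456789012345678901234567890123456789" /* constructed, 40 chars */

static char demo_buf[CONF_BUFSIZE];

/* Offset one past the last byte strncat(dst, src, n) writes: it appends
   min(strlen(src), n) characters and then always one terminating NUL. */
static size_t strncat_extent(const char *dst, const char *src, size_t n)
{
    size_t copied = strlen(src) < n ? strlen(src) : n;
    return strlen(dst) + copied + 1;
}

/* Hypothetical helper: build PREFIX + line in out[outsz].
   Returns 0 if everything fit, -1 if line was truncated or out is too small. */
static int build_option(char *out, size_t outsz, const char *line)
{
    if (outsz < sizeof(PREFIX)) {          /* no room even for prefix + NUL */
        if (outsz > 0) out[0] = '\0';
        return -1;
    }
    memcpy(out, PREFIX, sizeof(PREFIX));   /* copies the terminating NUL too */
    size_t room = outsz - strlen(out) - 1; /* the bound the warning asks for */
    strncat(out, line, room);
    return strlen(line) > room ? -1 : 0;   /* report truncation to the caller */
}

int main(void)
{
    size_t good = CONF_BUFSIZE - strlen(PREFIX) - 1;
    printf("bound = bufsize:       writes %zu of %d bytes\n",
           strncat_extent(PREFIX, LONG_LINE, CONF_BUFSIZE), CONF_BUFSIZE);
    printf("bound = left-over - 1: writes %zu of %d bytes\n",
           strncat_extent(PREFIX, LONG_LINE, good), CONF_BUFSIZE);
    int rc = build_option(demo_buf, sizeof demo_buf, LONG_LINE);
    printf("long line:  rc=%d \"%s\"\n", rc, demo_buf);
    rc = build_option(demo_buf, sizeof demo_buf, "4096");
    printf("short line: rc=%d \"%s\"\n", rc, demo_buf);
    return 0;
}
```

With the original bound the call can write 46 bytes into a 32-byte buffer; with the corrected bound it stops exactly at the end, and the return code tells the caller the input was cut.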