From 7297cb3791a83a10ca3f5018f5e1d53e63bcc77b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Zurcher?=
Date: Thu, 31 May 2012 16:50:29 +0200
Subject: update_link_value: add buffer overflow detection, set link_value to NULL when no string
---
 src/lib/eiotas_particle.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/lib/eiotas_particle.c b/src/lib/eiotas_particle.c
index cf92aaa..be453e6 100644
--- a/src/lib/eiotas_particle.c
+++ b/src/lib/eiotas_particle.c
@@ -180,7 +180,7 @@ EAPI Eina_Bool eiotas_particle_data_del(Eiotas_Particle *particle, const char* k
 static void update_link_value(Eiotas_Particle *particle, const char *field)
 {
 unsigned int i;
- unsigned int l;
+ unsigned int l,t;
 Eina_Stringshare *k;
 Eina_Stringshare *v;
 Eina_Array_Iterator it;
@@ -189,6 +189,7 @@ static void update_link_value(Eiotas_Particle *particle, const char *field)
 char *dst;
 if(field!=NULL) {
+ /* check if link_value has to be updated */
 update = EINA_FALSE;
 EINA_ARRAY_ITER_NEXT(particle->link_fields, i, k, it) {
 if(strcmp(field,k)==0) {
@@ -199,18 +200,24 @@ static void update_link_value(Eiotas_Particle *particle, const char *field)
 if(!update) return;
 }
- if(particle->link_value) eina_stringshare_del(particle->link_value);
-
+ t = 1;
 dst = tmp;
 EINA_ARRAY_ITER_NEXT(particle->link_fields, i, k, it) {
 v = eina_hash_find(particle->payload,k);
 if(v!=NULL) {
 l = strlen(v);
- strcpy(dst,v);
+ t += l;
+ if(t>EIOTAS_MAX_VALUE_LENGTH) {
+ ERR("buffer overflow (%d>%d) link_value untouched",t,EIOTAS_MAX_VALUE_LENGTH);
+ return;
+ }
+ memcpy(dst,v,l);
 dst += l;
 }
 }
 *dst='\0';
- particle->link_value = eina_stringshare_add(tmp);
+
+ if(particle->link_value) eina_stringshare_del(particle->link_value);
+ particle->link_value = ( (t==1) ? NULL : eina_stringshare_add(tmp) );
 }
-- 
cgit v1.1-2-g2b99
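Review bot: In the third hunk the new bound check performs `t += l` in `unsigned int` before comparing, so a sum that wraps past `UINT_MAX` would in principle pass `t>EIOTAS_MAX_VALUE_LENGTH` and still reach `memcpy(dst,v,l)`; testing the remaining space first, `if(l > EIOTAS_MAX_VALUE_LENGTH - t)`, and doing `t += l;` only after the check has passed removes that case. The check protects `tmp` only if that buffer is declared with at least `EIOTAS_MAX_VALUE_LENGTH` bytes, which cannot be confirmed here because the declaration lies between the first two hunks. `ERR` prints the unsigned `t` with `%d`; `%u` matches the type. On the overflow path the function returns with the previous `link_value` still set, so it may no longer match the payload and a `void` function gives callers no way to notice; a comment such as `/* on overflow the old link_value is kept on purpose */` would record whether that is intended.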