common: Fix heap buffer overflow in do_request

author Brad Hubbard <bhubbard@redhat.com>

Tue, 28 Mar 2017 03:16:43 +0000 (13:16 +1000)

committer Brad Hubbard <bhubbard@redhat.com>

Tue, 28 Mar 2017 07:28:18 +0000 (17:28 +1000)
author Brad Hubbard <bhubbard@redhat.com>
Tue, 28 Mar 2017 03:16:43 +0000 (13:16 +1000)
committer Brad Hubbard <bhubbard@redhat.com>
Tue, 28 Mar 2017 07:28:18 +0000 (17:28 +1000)
diff --git a/src/common/admin_socket_client.cc b/src/common/admin_socket_client.cc

index 8750560289594650c0c74479d81ead00e064602d..31346b98ce6dc1b16a557c2140a5f103a66ea523 100644 (file)
--- a/src/common/admin_socket_client.cc
+++ b/src/common/admin_socket_client.cc
@@ -138,8 +138,7 @@ std::string AdminSocketClient::ping(bool *ok)
  std::string AdminSocketClient::do_request(std::string request, std::string *result)
  {
    int socket_fd = 0, res;
-  std::vector<uint8_t> vec(65536, 0);
-  uint8_t *buffer = &vec[0];
+  std::string buffer;
    uint32_t message_size_raw, message_size;
  
    std::string err = asok_connect(m_path, &socket_fd);
@@ -161,7 +160,8 @@ std::string AdminSocketClient::do_request(std::string request, std::string *resu
      goto done;
    }
    message_size = ntohl(message_size_raw);
-  res = safe_read_exact(socket_fd, buffer, message_size);
+  buffer.resize(message_size, 0);
+  res = safe_read_exact(socket_fd, &buffer[0], message_size);
    if (res < 0) {
      int e = res;
      ostringstream oss;
@@ -169,8 +169,8 @@ std::string AdminSocketClient::do_request(std::string request, std::string *resu
      err = oss.str();
      goto done;
    }
-  //printf("MESSAGE FROM SERVER: %s\n", buffer);
-  result->assign((const char*)buffer);
+  //printf("MESSAGE FROM SERVER: %s\n", buffer.c_str());
+  std::swap(*result, buffer);
  done:
    close(socket_fd);
   out:
author	Brad Hubbard <bhubbard@redhat.com>
	Tue, 28 Mar 2017 03:16:43 +0000 (13:16 +1000)
committer	Brad Hubbard <bhubbard@redhat.com>
	Tue, 28 Mar 2017 07:28:18 +0000 (17:28 +1000)