]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d3e1782)
objclass/class_api.cc: fix buffer out-of-bounds access
authorDanny Al-Gaaf <danny.al-gaaf@bisect.de>
Tue, 9 Jun 2015 14:14:53 +0000 (16:14 +0200)
committerDanny Al-Gaaf <danny.al-gaaf@bisect.de>
Fri, 17 Jul 2015 08:50:08 +0000 (10:50 +0200)
Fix for:

CID 1297864 (#1 of 1): Out-of-bounds access (OVERRUN)
 overrun-buffer-arg: Overrunning array buf of 25 bytes by passing
  it to a function which accesses it at byte offset 25 using
  argument 25.
 cls_gen_rand_base64(): index_parm: Pointer dest is directly
  accessed by indexing it with size.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
src/objclass/class_api.cc patch | blob | history

diff --git a/src/objclass/class_api.cc b/src/objclass/class_api.cc
index 46a8ff54367e195437dee853efeccf79bc4631e8..5137448292b9cee3afc06db053ef11483804058f 100644 (file)
--- a/src/objclass/class_api.cc
+++ b/src/objclass/class_api.cc
@@ -573,7 +573,7 @@ int cls_gen_rand_base64(char *dest, int size) /* size should be the required str
   }
   tmp_dest[ret] = '\0';
   memcpy(dest, tmp_dest, size);
-  dest[size] = '\0';
+  dest[size-1] = '\0';
 
   return 0;
 }
Unnamed repository; edit this file 'description' to name the repository.