gfwleak/zhangyang-libzt
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed potential stack corruption with sprintf

Browse Source 
string representation of _nwid itself could take up 16 bytes,
so 17 is definitely not enough for this format string.
snprintf is used as a panic check for future changes,
so we could get a truncated string instead of stack corruption.
This commit is contained in:
Piotr Sarna
2017-08-25 16:33:06 +02:00
parent a723c70feb
commit f58b6152f3
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/VirtualTap.cpp
View File

@@ -97,9 +97,9 @@ namespace ZeroTier {
{ {
vtaps.push_back((void*)this); vtaps.push_back((void*)this);
// set interface name // set interface name
char tmp3[17]; char tmp3[64];
ifindex = devno; ifindex = devno;
sprintf(tmp3, "libzt%d-%lx", devno++, _nwid); snprintf(tmp3, 64, "libzt%d-%lx", devno++, _nwid);
_dev = tmp3; _dev = tmp3;
DEBUG_INFO("set VirtualTap interface name to: %s", _dev.c_str()); DEBUG_INFO("set VirtualTap interface name to: %s", _dev.c_str());
_thread = Thread::start(this); _thread = Thread::start(this);