Bad hacker - no donut!

Unbounded scanf() is bad. I know that latitude and longitude should never be more than 11 characters: 1-3 digits for degrees, 6 digits for fractions of a degree, a decimal point and possibly a minus sign. Eleven characters. Thus, we read up to 12 bytes (make room for the trailing NULL) into a 16 byte buffer (I like powers of 2).
author: Chris Kuethe <chris.kuethe@gmail.com> 2005-09-28 15:41:08 +0000
committer: Chris Kuethe <chris.kuethe@gmail.com> 2005-09-28 15:41:08 +0000
commit: a922b9b373a5fcd251a1e054056fcc45e0424a41 (patch)
tree: 93bf1e97fb8b5fa5e0679454ea6b59b66096265c /cgpxlogger.c
parent: 8d06ab86f1b4606886f721a1267a6752be47373b (diff)
download: gpsd-a922b9b373a5fcd251a1e054056fcc45e0424a41.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/cgpxlogger.c b/cgpxlogger.c
index 6675f07f..d4361a15 100644
--- a/cgpxlogger.c
+++ b/cgpxlogger.c
@@ -196,7 +196,7 @@ void bye(int signum){ want_exit = signum; }
 void process(char *buf){
 	char *answers[NUM + 2], **ap;
 	int i, j;
-	char c, junk1[32], junk2[32];
+	char c, junk1[16], junk2[16];
 
 	if (strncmp("GPSD,", buf, 5) != 0)
 		return; /* lines should start with "GPSD," */
@@ -228,9 +228,9 @@ void process(char *buf){
 			gps_ctx.status = j;
 			break;
 		case 'P':
-			bzero( &junk1, 32);
-			bzero( &junk2, 32);
-			sscanf(answers[i], "P=%s %s", (char *)&junk1, (char *)&junk2);
+			bzero( &junk1, 16);
+			bzero( &junk2, 16);
+			sscanf(answers[i], "P=%12s %12s", (char *)&junk1, (char *)&junk2);
 			gps_ctx.latitude = atof((char *)&junk1); gps_ctx.longitude = atof((char *)&junk2);
 			break;
 		case 'A':
author	Chris Kuethe <chris.kuethe@gmail.com>	2005-09-28 15:41:08 +0000
committer	Chris Kuethe <chris.kuethe@gmail.com>	2005-09-28 15:41:08 +0000
commit	a922b9b373a5fcd251a1e054056fcc45e0424a41 (patch)
tree	93bf1e97fb8b5fa5e0679454ea6b59b66096265c /cgpxlogger.c
parent	8d06ab86f1b4606886f721a1267a6752be47373b (diff)
download	gpsd-a922b9b373a5fcd251a1e054056fcc45e0424a41.tar.gz