diff options
| author | Qu Chen <quchen@amazon.com> | 2022-08-13 12:27:07 -0700 |
|---|---|---|
| committer | dormando <dormando@rydia.net> | 2022-08-24 22:35:33 -0700 |
| commit | cfe751ef9fa05b19ec70d4314718d1b3df23f38c (patch) | |
| tree | a1771d8aded8da0f3fd0319ee4d7d642bce643af /memcached.c | |
| parent | 4c919bd2e7eae0cc436c62780fd6294f028b3525 (diff) | |
| download | memcached-cfe751ef9fa05b19ec70d4314718d1b3df23f38c.tar.gz | |
Do memory bound check for some C string operations
Diffstat (limited to 'memcached.c')
| -rw-r--r-- | memcached.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/memcached.c b/memcached.c index c9084f8..0c1e756 100644 --- a/memcached.c +++ b/memcached.c @@ -2056,7 +2056,7 @@ static inline void get_conn_text(const conn *c, const int af, &((struct sockaddr_in6 *)sock_addr)->sin6_addr, addr_text + 1, sizeof(addr_text) - 2)) { - strcat(addr_text, "]"); + strncat(addr_text, "]", 1); } port = ntohs(((struct sockaddr_in6 *)sock_addr)->sin6_port); protoname = IS_UDP(c->transport) ? "udp6" : "tcp6"; @@ -2098,21 +2098,21 @@ static inline void get_conn_text(const conn *c, const int af, * has no peer socket address, but there's no portable way * to tell for sure. */ - sprintf(addr_text, "<AF %d>", af); + snprintf(addr_text, MAXPATHLEN, "<AF %d>", af); } if (port) { - sprintf(addr, "%s:%s:%u", protoname, addr_text, port); + snprintf(addr, MAXPATHLEN + 11, "%s:%s:%u", protoname, addr_text, port); } else { - sprintf(addr, "%s:%s", protoname, addr_text); + snprintf(addr, MAXPATHLEN + 11, "%s:%s", protoname, addr_text); } } static void conn_to_str(const conn *c, char *addr, char *svr_addr) { if (!c) { - strcpy(addr, "<null>"); + memcpy(addr, "<null>", 6); } else if (c->state == conn_closed) { - strcpy(addr, "<closed>"); + memcpy(addr, "<closed>", 8); } else { struct sockaddr_in6 local_addr; struct sockaddr *sock_addr = (void *)&c->request_addr; @@ -2145,9 +2145,11 @@ void process_stats_conns(ADD_STAT add_stats, void *c) { int i; char key_str[STAT_KEY_LEN]; char val_str[STAT_VAL_LEN]; - size_t extras_len = sizeof("unix:") + sizeof("65535"); + size_t extras_len = sizeof(":unix:") + sizeof("65535"); char addr[MAXPATHLEN + extras_len]; char svr_addr[MAXPATHLEN + extras_len]; + memset(addr, 0, sizeof(addr)); + memset(svr_addr, 0, sizeof(svr_addr)); int klen = 0, vlen = 0; assert(add_stats); |