diff options
author | Salvatore Sanfilippo <antirez@gmail.com> | 2020-02-27 17:45:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-27 17:45:02 +0100 |
commit | ec73881a4d8a030867f901c974a109e4c8d073ac (patch) | |
tree | 4a359635d816e549467e72f8f66d4a1035a366bd /src/config.c | |
parent | d8ab7e8012771ebcc4dbdc988ce84f7df57688c7 (diff) | |
parent | 1d4ea00d12885108d936b76cd31097dc4894f5ca (diff) | |
download | redis-ec73881a4d8a030867f901c974a109e4c8d073ac.tar.gz |
Merge pull request #6778 from pponnuvel/fix_possible_overflow
Fix a potential overflow with strncpy
Diffstat (limited to 'src/config.c')
-rw-r--r-- | src/config.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/config.c b/src/config.c index d55d1f8b5..5841ae7a0 100644 --- a/src/config.c +++ b/src/config.c @@ -108,12 +108,12 @@ clientBufferLimitsConfig clientBufferLimitsDefaults[CLIENT_TYPE_OBUF_COUNT] = { /* Generic config infrastructure function pointers * int is_valid_fn(val, err) * Return 1 when val is valid, and 0 when invalid. - * Optionslly set err to a static error string. + * Optionally set err to a static error string. * int update_fn(val, prev, err) * This function is called only for CONFIG SET command (not at config file parsing) * It is called after the actual config is applied, * Return 1 for success, and 0 for failure. - * Optionslly set err to a static error string. + * Optionally set err to a static error string. * On failure the config change will be reverted. */ @@ -729,7 +729,7 @@ void configSetCommand(client *c) { * config_set_memory_field(name,var) */ } config_set_memory_field( "client-query-buffer-limit",server.client_max_querybuf_len) { - /* Everyhing else is an error... */ + /* Everything else is an error... */ } config_set_else { addReplyErrorFormat(c,"Unsupported CONFIG parameter: %s", (char*)c->argv[2]->ptr); @@ -1673,9 +1673,9 @@ static int enumConfigSet(typeData data, sds value, int update, char **err) { enumerr[sdslen(enumerr) - 2] = '\0'; - /* Make sure we don't overrun the fixed buffer */ - enumerr[LOADBUF_SIZE - 1] = '\0'; strncpy(loadbuf, enumerr, LOADBUF_SIZE); + /* strncpy does not if null terminate if source string length is >= destination buffer. */ + loadbuf[LOADBUF_SIZE - 1] = '\0'; sdsfree(enumerr); *err = loadbuf; |