From a97b87da68cec6f56a1ae1945f647ffa43e4a654 Mon Sep 17 00:00:00 2001 From: Davide Beatrici Date: Mon, 21 Jan 2019 03:58:29 +0100 Subject: [PATCH] Cedar/Admin.c: fix segmentation fault caused by non-initialized string in StGetServerCipherList() StrCat() appends a string to an already existing string. In order to know where the existing string ends, it uses StrLen() which in turn uses strlen(), a function considered unsafe because it doesn't stop until it finds the null character. Since the string was allocated but not initialized, StrCat() was either: - Working correctly. - Copying only a part of the string. - Making the program crash via strlen(). The fix consists in using StrCpy(), which starts writing at the beginning of the string. --- src/Cedar/Admin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 070e687e..72833cd1 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c @@ -8156,7 +8156,7 @@ UINT StGetServerCipherList(ADMIN *a, RPC_STR *t) { UINT size = StrSize(ciphers->Token[0]); t->String = Malloc(size); - StrCat(t->String, size, ciphers->Token[0]); + StrCpy(t->String, size, ciphers->Token[0]); i = 1; for (; i < ciphers->NumTokens; i++)