mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Cedar/Admin.c: fix segmentation fault caused by non-initialized string in StGetServerCipherList()

StrCat() appends a string to an already existing string. In order to know where the existing string ends, it uses StrLen() which in turn uses strlen(), a function considered unsafe because it doesn't stop until it finds the null character.

Since the string was allocated but not initialized, StrCat() was either:

- Working correctly.
- Copying only a part of the string.
- Making the program crash via strlen().

The fix consists in using StrCpy(), which starts writing at the beginning of the string.
Davide Beatrici 2019-01-21 03:58:29 +01:00
parent 09ee19e72b
commit a97b87da68
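
The three outcomes listed in the commit message, reproduced deterministically as an added example (not SoftEther code and not part of the commit). `demo_strcpy`, `demo_strcat` and `scenario` are hypothetical stand-ins, the uninitialized heap contents are simulated with a fixed fill pattern, and the terminator search is capped at the buffer size so the demo itself never reads out of bounds.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for size-bounded string helpers; not SoftEther's code. */

/* Copy src to the start of dst (capacity size), always NUL-terminating. */
static size_t demo_strcpy(char *dst, size_t size, const char *src)
{
    size_t n = strlen(src);
    if (size == 0) return 0;
    if (n >= size) n = size - 1;      /* truncate to fit */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Append src to dst. The existing terminator has to be found first; the
   search is capped at size here, so -1 marks the case where an unbounded
   strlen() would keep reading past the allocation. */
static long demo_strcat(char *dst, size_t size, const char *src)
{
    size_t used = 0;
    while (used < size && dst[used] != '\0') used++;
    if (used == size) return -1;
    return (long)(used + demo_strcpy(dst + used, size - used, src));
}

/* Fill buf with a constructed pattern standing in for what Malloc() returned:
   'X' bytes with an optional NUL at nul_at (-1 = none), then append src. */
static long scenario(char *buf, size_t size, int nul_at, const char *src)
{
    memset(buf, 'X', size);
    if (nul_at >= 0) buf[nul_at] = '\0';
    return demo_strcat(buf, size, src);
}

int main(void)
{
    const char *cipher = "AES128-SHA";   /* constructed sample token */
    char buf[11];                        /* strlen(cipher) + 1 */
    long r = scenario(buf, sizeof(buf), 0, cipher);  /* garbage starts with NUL */
    printf("works by luck: %ld \"%s\"\n", r, buf);
    r = scenario(buf, sizeof(buf), 3, cipher);       /* NUL after 3 stale bytes */
    printf("partial copy:  %ld \"%s\"\n", r, buf);
    r = scenario(buf, sizeof(buf), -1, cipher);      /* no NUL inside the buffer */
    printf("no terminator: %ld\n", r);
    demo_strcpy(buf, sizeof(buf), cipher);           /* the fix: write from offset 0 */
    printf("after strcpy:  \"%s\"\n", buf);
    return 0;
}
```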


@ -8156,7 +8156,7 @@ UINT StGetServerCipherList(ADMIN *a, RPC_STR *t)
{ {
UINT size = StrSize(ciphers->Token[0]); UINT size = StrSize(ciphers->Token[0]);
t->String = Malloc(size); t->String = Malloc(size);
StrCat(t->String, size, ciphers->Token[0]); StrCpy(t->String, size, ciphers->Token[0]);
i = 1; i = 1;
for (; i < ciphers->NumTokens; i++) for (; i < ciphers->NumTokens; i++)
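
Review bot: `t->String = Malloc(size)` still returns an uninitialized buffer, and `size` is computed from `ciphers->Token[0]` alone while the `for` loop that follows goes on to handle the remaining tokens. The loop body is not visible in this hunk, so confirm that it grows the buffer before each append and that every append operates on a terminated string. A short comment on the `StrCpy()` line saying why it must not be `StrCat()` would keep a later edit from reintroducing the bug, and allocating with `ZeroMalloc(size)` would make the first write safe whichever of the two functions is used.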