mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Cedar/Admin.c: fix segmentation fault caused by non-initialized string in StGetServerCipherList()
StrCat() appends a string to an already existing string. In order to know where the existing string ends, it uses StrLen() which in turn uses strlen(), a function considered unsafe because it doesn't stop until it finds the null character. Since the string was allocated but not initialized, StrCat() was either: - Working correctly. - Copying only a part of the string. - Making the program crash via strlen(). The fix consists in using StrCpy(), which starts writing at the beginning of the string.
This commit is contained in:
parent
09ee19e72b
commit
a97b87da68
@ -8156,7 +8156,7 @@ UINT StGetServerCipherList(ADMIN *a, RPC_STR *t)
|
|||||||
{
|
{
|
||||||
UINT size = StrSize(ciphers->Token[0]);
|
UINT size = StrSize(ciphers->Token[0]);
|
||||||
t->String = Malloc(size);
|
t->String = Malloc(size);
|
||||||
StrCat(t->String, size, ciphers->Token[0]);
|
StrCpy(t->String, size, ciphers->Token[0]);
|
||||||
i = 1;
|
i = 1;
|
||||||
|
|
||||||
for (; i < ciphers->NumTokens; i++)
|
for (; i < ciphers->NumTokens; i++)
|
||||||
|
Loading…
Reference in New Issue
Block a user