[Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle
From: James Cowgill
Subject: [Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle_sip_header_date_get_time
Date: Mon, 7 Dec 2015 20:50:47 +0000
The width field in a sscanf format DOES NOT include the terminating null byte
which sscanf always writes.
---
src/belle_sip_headers_impl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/belle_sip_headers_impl.c b/src/belle_sip_headers_impl.c
index 8842f90..eb44bdc 100644
--- a/src/belle_sip_headers_impl.c
+++ b/src/belle_sip_headers_impl.c
@@ -1680,7 +1680,7 @@ BELLESIP_EXPORT time_t
belle_sip_header_date_get_time(belle_sip_header_date_t *o
/* time headers are in GMT as spec says */
- sscanf(obj->date,"%3c,%d %16s %d %d:%d:%d",tmp1,&ret.tm_mday,tmp2,
+ sscanf(obj->date,"%3c,%d %15s %d %d:%d:%d",tmp1,&ret.tm_mday,tmp2,
&ret.tm_year,&ret.tm_hour,&ret.tm_min,&ret.tm_sec);
ret.tm_year-=1900;
for(i=0;i<7;i++) {
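Review bot: The return value of the sscanf call on the changed line is still discarded, so a Date value that does not satisfy all seven conversions leaves tmp2 and some ret fields unset before `ret.tm_year-=1900` and the loop run. Compare the result against 7 and bail out otherwise. The new width 15 is also a bare literal whose correctness depends on the declaration of tmp2, which is outside this hunk; deriving the width and the array size from one constant, or at least commenting the pairing next to the declaration, would keep them from drifting apart again. Since %3c stores no terminator, it is worth confirming that tmp1 is terminated if the code after this hunk treats it as a string.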
--
2.6.2
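The width rule stated in the commit message, shown as an added example that is not part of the patch or of belle-sip: a guard byte placed after a 16-byte buffer is overwritten by `%16s` and survives `%15s`, and a parser ties the width to the buffer size and checks the conversion count. The 16-byte size and the names `guard_clobbered`, `parse_date` and `MONTH_WIDTH` are assumptions; the page does not show how `tmp2` is declared.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MONTH_WIDTH 15                 /* max characters %s may store (assumed) */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Scan a token into [16-byte buffer | 1 guard byte] and report whether the
 * guard was overwritten. The array is 17 bytes, so the write stays in bounds.
 * wide != 0 uses the pre-patch width 16, otherwise the patched width 15.
 * Returns 1 if the guard was hit, 0 if intact, -1 if nothing was scanned. */
static int guard_clobbered(const char *input, int wide)
{
    char region[MONTH_WIDTH + 2];
    int n;
    memset(region, 0x5A, sizeof region);
    n = wide ? sscanf(input, "%16s", region)    /* 16 chars + '\0' = 17 bytes */
             : sscanf(input, "%15s", region);   /* 15 chars + '\0' = 16 bytes */
    if (n != 1)
        return -1;
    return (unsigned char)region[MONTH_WIDTH + 1] != 0x5A;
}

/* Parse a Date value such as "Sun, 06 Nov 1994 08:49:37 GMT".
 * Returns 0 on success, -1 if any of the 7 fields failed to convert. */
static int parse_date(const char *s, struct tm *out)
{
    char day[4] = {0};                 /* %3c does not add a terminator */
    char month[MONTH_WIDTH + 1];       /* width and size share one constant */
    struct tm t;
    memset(&t, 0, sizeof t);
    if (sscanf(s, "%3c,%d %" STR(MONTH_WIDTH) "s %d %d:%d:%d", day, &t.tm_mday,
               month, &t.tm_year, &t.tm_hour, &t.tm_min, &t.tm_sec) != 7)
        return -1;
    t.tm_year -= 1900;
    *out = t;
    return 0;
}

int main(void)
{
    struct tm t;
    const char *longtok = "AAAAAAAAAAAAAAAAAAAA";   /* constructed, 20 chars */
    printf("width 16 guard hit: %d\n", guard_clobbered(longtok, 1));
    printf("width 15 guard hit: %d\n", guard_clobbered(longtok, 0));
    printf("valid date: %d\n", parse_date("Sun, 06 Nov 1994 08:49:37 GMT", &t));
    return 0;
}
```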