[Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle

linphone-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle

From:	James Cowgill
Subject:	[Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle_sip_header_date_get_time
Date:	Mon, 7 Dec 2015 20:50:47 +0000

The width field in a sscanf format DOES NOT include the terminating null byte
which sscanf always writes.
---
 src/belle_sip_headers_impl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/belle_sip_headers_impl.c b/src/belle_sip_headers_impl.c
index 8842f90..eb44bdc 100644
--- a/src/belle_sip_headers_impl.c
+++ b/src/belle_sip_headers_impl.c
@@ -1680,7 +1680,7 @@ BELLESIP_EXPORT time_t 
belle_sip_header_date_get_time(belle_sip_header_date_t *o
 
 
        /* time headers are in GMT as spec says */
-       sscanf(obj->date,"%3c,%d %16s %d %d:%d:%d",tmp1,&ret.tm_mday,tmp2,
+       sscanf(obj->date,"%3c,%d %15s %d %d:%d:%d",tmp1,&ret.tm_mday,tmp2,
                &ret.tm_year,&ret.tm_hour,&ret.tm_min,&ret.tm_sec);
        ret.tm_year-=1900;
        for(i=0;i<7;i++) {
-- 
2.6.2

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-developers] [belle-sip PATCH 0/2] Bugfixes found using ASAN / UBSAN, James Cowgill, 2015/12/07
- [Linphone-developers] [belle-sip PATCH 1/2] Fix undefined shift to unrepresentable value in dns.c, James Cowgill, 2015/12/07
- [Linphone-developers] [belle-sip PATCH 2/2] Fix buffer overflow in belle_sip_header_date_get_time, James Cowgill <=

Prev by Date: [Linphone-developers] [belle-sip PATCH 0/2] Bugfixes found using ASAN / UBSAN
Next by Date: Re: [Linphone-developers] Need help in starting with Linphone-wp
Previous by thread: [Linphone-developers] [belle-sip PATCH 1/2] Fix undefined shift to unrepresentable value in dns.c
Next by thread: [Linphone-developers] [bzrtp PATCH] Fix buffer overflow in bzrtpParserTest.c
Index(es):
- Date
- Thread