isc_mem_get question/bug
Joshua Rogers
megamansec at gmail.com
Thu Nov 6 17:20:46 UTC 2014
Hi,
in dnssec-signzone.c, this code appears:
> filenamelen = strlen(prefix) + strlen(namestr);
> if (dsdir != NULL)
>         filenamelen += strlen(dsdir) + 1;
> filename = isc_mem_get(mctx, filenamelen + 1);
> if (filename == NULL)
>         fatal("out of memory");
> if (dsdir != NULL)
>         sprintf(filename, "%s/", dsdir);
The last line, "sprintf(filename, "%s/", dsdir);".
Since "/" is also added to the buffer, doesn't that mean the buffer will
be overflowed by one byte if the dsdir is full?
Thanks,
--
-- Joshua Rogers <https://internot.info/>
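
The size arithmetic of the quoted snippet, worked through as an added example (not part of the original post and not BIND's code): it counts the bytes allocated against the bytes written for the complete file name, using a bounded `snprintf`. The function name `build_filename`, the use of `malloc` in place of `isc_mem_get`, and the assumption that `prefix` and `namestr` are appended after the directory part are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example: malloc() stands in for isc_mem_get(); appending prefix and
 * namestr after the "dsdir/" part is an assumption (the post quotes only
 * the first sprintf).
 * Returns the buffer (caller frees) or NULL; *alloc_out is the number of bytes
 * allocated, *used_out the number written including the terminating NUL.
 */
char *build_filename(const char *dsdir, const char *prefix,
                     const char *namestr, size_t *alloc_out, size_t *used_out)
{
    size_t filenamelen = strlen(prefix) + strlen(namestr);
    if (dsdir != NULL)
        filenamelen += strlen(dsdir) + 1;      /* +1 for the '/' */

    size_t alloc = filenamelen + 1;            /* +1 for the NUL */
    char *filename = malloc(alloc);
    if (filename == NULL)
        return NULL;

    /* snprintf writes at most alloc bytes and returns the length it needed */
    int n = snprintf(filename, alloc, "%s%s%s%s",
                     dsdir != NULL ? dsdir : "",
                     dsdir != NULL ? "/" : "",
                     prefix, namestr);
    if (n < 0 || (size_t)n >= alloc) {         /* would have been truncated */
        free(filename);
        return NULL;
    }
    *alloc_out = alloc;
    *used_out = (size_t)n + 1;
    return filename;
}

int main(void)
{
    size_t alloc, used;
    /* constructed sample inputs */
    char *f = build_filename("/var/dsdir", "dsset-", "example.com.", &alloc, &used);
    if (f == NULL)
        return 1;
    printf("%s: allocated %zu, used %zu\n", f, alloc, used);
    free(f);
    return 0;
}
```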