diff options
| author | Jan-Erik Rediger <janerik@fnordig.de> | 2015-11-18 14:36:52 +0100 |
|---|---|---|
| committer | Jan-Erik Rediger <janerik@fnordig.de> | 2015-11-18 14:37:47 +0100 |
| commit | 0335cb3e98483511a20f8576f61e6abca5c2a98d (patch) | |
| tree | c9c2de002208d7de97a7fffdbb7f8f0d5072c77a | |
| parent | 4b3786d57edb9bfb22a0442536b0b41d9a93eb69 (diff) | |
Prevent buffer overflow when formatting the error
strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte).
Also strncat appends after the first found nul byte. But all we pass is
a buffer we might not have zeroed out already.
Closes #380
| -rw-r--r-- | hiredis.h | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -98,8 +98,8 @@ * then GNU strerror_r returned an internal static buffer and we \ * need to copy the result into our private buffer. */ \ if (err_str != (buf)) { \ - buf[(len)] = '\0'; \ - strncat((buf), err_str, ((len) - 1)); \ + strncpy((buf), err_str, ((len) - 1)); \ + buf[(len)-1] = '\0'; \ } \ } while (0) #endif |