author | not-a-robot <not-a-robot@rediger.net> | 2016-04-20 15:31:23 +0200 |
---|---|---|
committer | not-a-robot <not-a-robot@rediger.net> | 2016-04-20 15:31:23 +0200 |
commit | 36bddcf6ed31c9ce4fa3f1b6b88275a801d78bc1 (patch) | |
tree | 1d730bd7081c665343e20fa2edfea4b8c5d94765 | |
parent | 2139f78c71a9ebfcfad27d8e7d5b6689d95aee78 (diff) | |
parent | 0335cb3e98483511a20f8576f61e6abca5c2a98d (diff) |
Auto merge of #391 - redis:catch-error-buf-overflow, r=badboy
Prevent buffer overflow when formatting the error
strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte).
Also strncat appends after the first found nul byte. But all we pass is
a buffer we might not have zeroed out already.
Closes #380
-rw-r--r-- | hiredis.h | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -98,8 +98,8 @@
 * then GNU strerror_r returned an internal static buffer and we \
 * need to copy the result into our private buffer. */ \
 if (err_str != (buf)) { \
- buf[(len)] = '\0'; \
- strncat((buf), err_str, ((len) - 1)); \
+ strncpy((buf), err_str, ((len) - 1)); \
+ buf[(len)-1] = '\0'; \
 } \
 } while (0)
 #endif |
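Review bot: The two added lines are only safe when `len` is at least 1: with a zero length, `(len) - 1` becomes a huge count for strncpy (assuming an unsigned size type) and the terminator is written one byte before the buffer. Nothing in the hunk shows that callers always pass a non-zero size, so I would guard the copy, `if (err_str != (buf) && (len) > 0) { \`. The terminator line also uses the macro argument without parentheses, unlike every other use of `buf` in the macro; `(buf)[(len) - 1] = '\0'; \` keeps an expression argument such as `p + off` from binding incorrectly. The macro definition starts above the hunk, so its name and callers are not visible here.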