Auto merge of #391 - redis:catch-error-buf-overflow, r=badboy

Prevent buffer overflow when formatting the error strncat might copy n+1 bytes (n bytes from the source plus a terminating nul byte). Also strncat appends after the first found nul byte. But all we pass is a buffer we might not have zeroed out already. Closes #380
author: not-a-robot <not-a-robot@rediger.net> 2016-04-20 15:31:23 +0200
committer: not-a-robot <not-a-robot@rediger.net> 2016-04-20 15:31:23 +0200
commit: 36bddcf6ed31c9ce4fa3f1b6b88275a801d78bc1 (patch)
tree: 1d730bd7081c665343e20fa2edfea4b8c5d94765 /hiredis.h
parent: 2139f78c71a9ebfcfad27d8e7d5b6689d95aee78 (diff)
parent: 0335cb3e98483511a20f8576f61e6abca5c2a98d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/hiredis.h b/hiredis.h
index edba658..757677e 100644
--- a/hiredis.h
+++ b/hiredis.h
@@ -98,8 +98,8 @@
          * then GNU strerror_r returned an internal static buffer and we       \
          * need to copy the result into our private buffer. */                 \
         if (err_str != (buf)) {                                                \
-            buf[(len)] = '\0';                                                 \
-            strncat((buf), err_str, ((len) - 1));                              \
+            strncpy((buf), err_str, ((len) - 1));                              \
+            buf[(len)-1] = '\0';                                               \
         }                                                                      \
     } while (0)
 #endif
author	not-a-robot <not-a-robot@rediger.net>	2016-04-20 15:31:23 +0200
committer	not-a-robot <not-a-robot@rediger.net>	2016-04-20 15:31:23 +0200
commit	36bddcf6ed31c9ce4fa3f1b6b88275a801d78bc1 (patch)
tree	1d730bd7081c665343e20fa2edfea4b8c5d94765 /hiredis.h
parent	2139f78c71a9ebfcfad27d8e7d5b6689d95aee78 (diff)
parent	0335cb3e98483511a20f8576f61e6abca5c2a98d (diff)