+2005-04-23 John (J5) Palmieri <johnp@redhat.com>
+
+ * dbus/dbus-marshal-recursive-util.c: Fixed buffer overflow
+ in numerous places that did not account for the NULL terminator
+ (signature_from_seed): changed the manual string copy loop to
+ just use strcpy instead
+ make check should now pass
+
2005-04-19 John (J5) Palmieri <johnp@redhat.com>
* dbus/dbus-marshal-header.c (_dbus_header_create): Fix assert
DBusTypeWriter *writer,
int seed)
{
- char buf[MAX_SAMPLE_STRING_LEN];
+ char buf[MAX_SAMPLE_STRING_LEN + 1]="";
const char *v_string = buf;
+
string_from_seed (buf, node->klass->subclass_detail,
seed);
int seed)
{
const char *v;
- char buf[MAX_SAMPLE_STRING_LEN];
+ char buf[MAX_SAMPLE_STRING_LEN + 1];
+ v = buf;
check_expected_type (reader, node->klass->typecode);
DBusTypeReader *realign_root,
int seed)
{
- char buf[MAX_SAMPLE_STRING_LEN];
+ char buf[MAX_SAMPLE_STRING_LEN + 1];
const char *v_string = buf;
string_from_seed (buf, node->klass->subclass_detail,
DBusTypeWriter *writer,
int seed)
{
- char buf[MAX_SAMPLE_OBJECT_PATH_LEN];
+ char buf[MAX_SAMPLE_OBJECT_PATH_LEN + 1];
const char *v_string = buf;
object_path_from_seed (buf, seed);
int seed)
{
const char *v;
- char buf[MAX_SAMPLE_OBJECT_PATH_LEN];
+ char buf[MAX_SAMPLE_OBJECT_PATH_LEN + 1];
check_expected_type (reader, node->klass->typecode);
DBusTypeReader *realign_root,
int seed)
{
- char buf[MAX_SAMPLE_OBJECT_PATH_LEN];
+ char buf[MAX_SAMPLE_OBJECT_PATH_LEN + 1];
const char *v_string = buf;
object_path_from_seed (buf, seed);
signature_from_seed (char *buf,
int seed)
{
- int i;
- const char *s;
/* try to avoid ascending, descending, or alternating length to help find bugs */
const char *sample_signatures[] = {
"asax"
"a(ii)"
};
- s = sample_signatures[seed % _DBUS_N_ELEMENTS(sample_signatures)];
-
- for (i = 0; s[i]; i++)
- {
- buf[i] = s[i];
- }
- buf[i] = '\0';
+ strcpy (buf, sample_signatures[seed % _DBUS_N_ELEMENTS(sample_signatures)]);
}
static dbus_bool_t
DBusTypeWriter *writer,
int seed)
{
- char buf[MAX_SAMPLE_SIGNATURE_LEN];
+ char buf[MAX_SAMPLE_SIGNATURE_LEN + 1];
const char *v_string = buf;
signature_from_seed (buf, seed);
int seed)
{
const char *v;
- char buf[MAX_SAMPLE_SIGNATURE_LEN];
+ char buf[MAX_SAMPLE_SIGNATURE_LEN + 1];
check_expected_type (reader, node->klass->typecode);
DBusTypeReader *realign_root,
int seed)
{
- char buf[MAX_SAMPLE_SIGNATURE_LEN];
+ char buf[MAX_SAMPLE_SIGNATURE_LEN + 1];
const char *v_string = buf;
signature_from_seed (buf, seed);