add null character to end of read string to prevent buffer overflows

d8a616a1 · Maarten de Waard · 560b1c45 · d8a616a1 · d8a616a1
Commit d8a616a1 authored 7 years ago by Maarten de Waard
--- a/src/api/ssh_keys_post.c
+++ b/src/api/ssh_keys_post.c
@@ -38,15 +38,12 @@ int callback_ssh_keys_post(const struct _u_request * request,
    ssh_key = json_string_value(json_object_get(json_input, "ssh-key"));
    if (ssh_key == NULL)
    {
-        // TODO: use janson's free function?
-        o_free(ssh_key);
        return send_simple_response(response, 400, "error", "missing ssh-key");
    }

    // Call cat to append the command correctly:
    char * command = NULL;
    asprintf(&command, "echo '%s' | sed -rf '%s'", ssh_key, RESTRICT_COMMAND_PATH);
-    o_free(ssh_key);
    FILE * sed_output = popen(command, "r");

    if (!sed_output)

--- a/src/auxiliary.c
+++ b/src/auxiliary.c
@@ -34,9 +34,11 @@ char * read_from_file(FILE * file)
                str = temp;
            }
            strcpy(str + size - 1, buf);     // append buffer to str
-            size += strlength; 
+            size += strlength;
        }
        pclose(file);
+        temp = realloc(str, size + 1);
+        str[size] = '\0';
    }
    return str;
 }