Commit d8a616a1 authored by Maarten de Waard's avatar Maarten de Waard :angel:

add null character to end of read string to prevent buffer overflows

parent 560b1c45
...@@ -38,15 +38,12 @@ int callback_ssh_keys_post(const struct _u_request * request, ...@@ -38,15 +38,12 @@ int callback_ssh_keys_post(const struct _u_request * request,
ssh_key = json_string_value(json_object_get(json_input, "ssh-key")); ssh_key = json_string_value(json_object_get(json_input, "ssh-key"));
if (ssh_key == NULL) if (ssh_key == NULL)
{ {
// TODO: use janson's free function?
o_free(ssh_key);
return send_simple_response(response, 400, "error", "missing ssh-key"); return send_simple_response(response, 400, "error", "missing ssh-key");
} }
// Call cat to append the command correctly: // Call cat to append the command correctly:
char * command = NULL; char * command = NULL;
asprintf(&command, "echo '%s' | sed -rf '%s'", ssh_key, RESTRICT_COMMAND_PATH); asprintf(&command, "echo '%s' | sed -rf '%s'", ssh_key, RESTRICT_COMMAND_PATH);
o_free(ssh_key);
FILE * sed_output = popen(command, "r"); FILE * sed_output = popen(command, "r");
if (!sed_output) if (!sed_output)
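Review bot: The `asprintf` line kept as context still interpolates `ssh_key`, which is read directly from the request's JSON body, into a single-quoted shell string that is then run through `popen`; any quote character in the value ends the quoting, so the request body can change the command the shell runs. Removing the two `o_free(ssh_key)` calls looks right, since the string appears to belong to `json_input`, but the command construction is left unchanged by this commit. I would reject keys containing characters outside the expected public-key alphabet before building the command, answering with something like `send_simple_response(response, 400, "error", "invalid ssh-key")`, or preferably feed the key to sed on stdin without going through a shell. The return value of `asprintf` is also unchecked, so `command` may be unusable when it reaches `popen`. The body of callback_ssh_keys_post starts and ends outside the hunk.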
......
...@@ -34,9 +34,11 @@ char * read_from_file(FILE * file) ...@@ -34,9 +34,11 @@ char * read_from_file(FILE * file)
str = temp; str = temp;
} }
strcpy(str + size - 1, buf); // append buffer to str strcpy(str + size - 1, buf); // append buffer to str
size += strlength; size += strlength;
} }
pclose(file); pclose(file);
temp = realloc(str, size + 1);
str[size] = '\0';
} }
return str; return str;
} }
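Review bot: The added `temp = realloc(str, size + 1);` never assigns its result back to `str`, so if realloc moves the block the following `str[size] = '\0';` writes through a freed pointer and that same pointer is returned to the caller; if realloc fails, the write may land past the end of the old allocation. Suggested: `if ((temp = realloc(str, size + 1)) == NULL) { free(str); return NULL; }` followed by `str = temp;` before the `str[size] = '\0';` line. The `strcpy(str + size - 1, buf)` above suggests `size` already counts the terminator, in which case the string is already NUL-terminated and the extra byte may not be needed. The start of read_from_file, including the initial value of `size`, is outside the hunk, so that should be confirmed there.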
......