moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

telnet.c: check sscanf results before passing them to snprintf

This commit is contained in:
Marc Hoersken 2014-04-19 15:23:04 +02:00
parent f9ffbfce90
commit 662fc62517
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/telnet.c
View File

@ -932,8 +932,8 @@ static void suboption(struct connectdata *conn)
size_t len;
size_t tmplen;
int err;
char varname[128];
char varval[128];
char varname[128] = "";
char varval[128] = "";
struct SessionHandle *data = conn->data;
struct TELNET *tn = (struct TELNET *)data->req.protop;
@ -973,11 +973,12 @@ static void suboption(struct connectdata *conn)
tmplen = (strlen(v->data) + 1);
/* Add the variable only if it fits */
if(len + tmplen < (int)sizeof(temp)-6) {
sscanf(v->data, "%127[^,],%127s", varname, varval);
snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
CURL_NEW_ENV_VALUE, varval);
len += tmplen;
if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
CURL_NEW_ENV_VALUE, varval);
len += tmplen;
}
}
}
snprintf((char *)&temp[len], sizeof(temp) - len,