projects / oweals / busybox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f1ae25) | patch
whois: fix a possible out-of-bounds stack access
authorDenys Vlasenko <vda.linux@googlemail.com>
Tue, 4 Sep 2018 12:48:00 +0000 (14:48 +0200)
committerDenys Vlasenko <vda.linux@googlemail.com>
Tue, 4 Sep 2018 12:48:00 +0000 (14:48 +0200)
commit3d6f95ede6e98cd245cfbdc4c429a184f6c0d717
tree5b44abec395055fc861ad07bd4f8a2a7acdb1caftree | snapshot
parent8f1ae256347b32057d32846f915f53f9106f00bccommit | diff
whois: fix a possible out-of-bounds stack access

If fgets() returns incomplete string, we replace NUL with
'\n', and then trim() runs on a non-NUL-terminated buffer.
Prevent that.

While at it, bump buffer from 1k to 2k.

function                                             old     new   delta
query                                                519     524      +5

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
networking/whois.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.