[vlc-commits] access: ftp: fix potential invalid write.
Fabian Yamaguchi
git at videolan.org
Fri Dec 5 23:23:04 CET 2014
vlc | branch: master | Fabian Yamaguchi <fyamagu at gwdg.de> | Fri Dec 5 15:04:47 2014 +0100| [11d4770c6616fcb36cf014f4759679ac66ff7540] | committer: Jean-Baptiste Kempf
access: ftp: fix potential invalid write.
A buffer based on the length of the string to be sent via ftp was
allocated on the stack and hence, it could not be verified whether the
allocation succeeded. Allocate the buffer on the heap instead to avoid
a potential invalid write in a subsequent memcpy.
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=11d4770c6616fcb36cf014f4759679ac66ff7540
---
modules/access/ftp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/access/ftp.c b/modules/access/ftp.c
index 5224e7e..a6b586e 100644
--- a/modules/access/ftp.c
+++ b/modules/access/ftp.c
@@ -151,7 +151,13 @@ static int ftp_SendCommand( vlc_object_t *obj, access_sys_t *sys,
const char *fmt, ... )
{
size_t fmtlen = strlen( fmt );
- char fmtbuf[fmtlen + 3];
+
+ if( fmtlen > SIZE_MAX - 3 )
+ return -1;
+
+ char *fmtbuf = malloc( fmtlen + 3 );
+ if( !fmtbuf )
+ return -1;
memcpy( fmtbuf, fmt, fmtlen );
memcpy( fmtbuf + fmtlen, "\r\n", 3 );
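Review bot: the literal 3 now has to agree in three places in this hunk (the guard `if( fmtlen > SIZE_MAX - 3 )`, the allocation `malloc( fmtlen + 3 )` and the copy `memcpy( fmtbuf + fmtlen, "\r\n", 3 )`), so a later change to the terminator could leave the buffer smaller than the copy. Deriving all three from `sizeof("\r\n")` or one named constant would keep them in step. The guard also uses `SIZE_MAX` and this hunk adds no include, so check that `<stdint.h>` is already pulled in by this file. As a smaller style point, `if( !fmtbuf )` could be wrapped in `unlikely()` to match the `unlikely(val == -1)` check further down the function.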
@@ -163,6 +169,7 @@ static int ftp_SendCommand( vlc_object_t *obj, access_sys_t *sys,
va_start( args, fmt );
val = vasprintf( &cmd, fmtbuf, args );
va_end( args );
+ free(fmtbuf);
if( unlikely(val == -1) )
return -1;
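Review bot: `free(fmtbuf);` after `va_end( args );` covers both the success path and the `val == -1` return, but the few lines of the function between the allocation in the previous hunk and the `va_start` here are not part of the diff, so confirm that none of them can return before this point, otherwise `fmtbuf` leaks on that path. A short comment on the `malloc` saying the buffer is released right after `vasprintf` would help anyone who later adds an early return. The call is also written without the inner spaces used by `malloc( fmtlen + 3 )` in the same change; `free( fmtbuf );` would match it.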