git-svn: trunk@2723
Nigel Horne authored on 2007/02/13 06:15:58... | ... |
@@ -1,4 +1,9 @@ |
1 |
+Mon Feb 12 21:15:00 GMT 2007 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/entconv.c: Code tidy for bounds checking compilers |
|
4 |
+ |
|
1 | 5 |
Mon Feb 12 22:08:15 CET 2007 (acab) |
6 |
+---------------------------------- |
|
2 | 7 |
* libclamav/packlibs: fix possible heap overflow (thanks Edvin) |
3 | 8 |
|
4 | 9 |
Mon Feb 12 21:59:49 CET 2007 (tk) |
... | ... |
@@ -953,12 +953,15 @@ unsigned char* encoding_norm_readline(struct entity_conv* conv, FILE* stream_in, |
953 | 953 |
} |
954 | 954 |
else { |
955 | 955 |
char buff[10]; |
956 |
+ const int len = strlen(buff); |
|
957 |
+ |
|
956 | 958 |
snprintf(buff,9,"&#%d;",u16); |
957 | 959 |
buff[9] = '\0'; |
958 |
- if(norm + strlen(buff) >= norm_end) |
|
960 |
+ if((norm_end - norm) <= len) |
|
961 |
+ /* prevent buffer overflow */ |
|
959 | 962 |
break; |
960 |
- strncpy((char*)norm, buff, strlen(buff)); |
|
961 |
- norm += strlen(buff); |
|
963 |
+ memcpy((char*)norm, buff, len); |
|
964 |
+ norm += len; |
|
962 | 965 |
} |
963 | 966 |
} |
964 | 967 |
conv->out_area.offset = i; /* so that we can resume next time from here */ |