
Buffer overflow in nprintf()

Open nezza opened this issue 10 years ago • 1 comments

nprintf does not check bounds of its buffer.

Example code:

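/* Build a 1,000,000-byte string of 'A's (calloc leaves the final byte as the NUL terminator). */
char *testbuf = calloc(1, sizeof(char) * 1000001);
memset(testbuf, 'A', 1000000);
printf("Testbuf len: %zu\n", strlen(testbuf)); /* strlen() returns size_t, so %zu */
/* Oversized input handed to nprintf(), which does not bound-check its buffer. */
nprintf(client, testbuf);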

nezza, Jul 25 '14 16:07

nprintf() now uses vsnprintf() and will reallocate its buffer if not large enough.

MagicalTux, Jul 25 '14 22:07
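
The fix described in the reply above (format with vsnprintf(), grow the buffer when it is too small) follows a common two-pass pattern. The sketch below is an added example, not WAFer's actual code: `fmt_grow`, `INITIAL_BUF` and the returned-string interface are hypothetical, and it returns the formatted text instead of writing to a client.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_BUF 256 /* assumed starting size, not taken from WAFer */

/* Hypothetical helper: format into a heap buffer, growing it when the first
 * vsnprintf() pass reports truncation. Caller frees. NULL on any failure. */
char *fmt_grow(size_t *out_len, const char *fmt, ...)
{
    va_list ap, ap2;
    size_t cap = INITIAL_BUF;
    char *buf = malloc(cap);
    if (buf == NULL) return NULL;

    va_start(ap, fmt);
    va_copy(ap2, ap);                 /* a va_list cannot be reused after a pass */
    int need = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);

    if (need >= 0 && (size_t)need >= cap) { /* truncated; need excludes the NUL */
        cap = (size_t)need + 1;
        char *bigger = realloc(buf, cap);
        if (bigger == NULL) { need = -1; }  /* buf is still valid, freed below */
        else { buf = bigger; need = vsnprintf(buf, cap, fmt, ap2); }
    }
    va_end(ap2);
    if (need < 0) { free(buf); return NULL; } /* encoding or allocation error */
    if (out_len != NULL) *out_len = (size_t)need;
    return buf;
}

int main(void)
{
    /* Constructed input: 100000 'A's, far larger than INITIAL_BUF. */
    char *big = calloc(1, 100001);
    if (big == NULL) return 1;
    memset(big, 'A', 100000);
    size_t n = 0;
    char *s = fmt_grow(&n, "%s", big);
    printf("formatted %zu bytes\n", s ? n : (size_t)0);
    free(s);
    free(big);
    return 0;
}
```

Callers holding untrusted data should pass it as an argument to "%s", as main() does here, and not as the format string itself.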