]> granicus.if.org Git - curl/commitdiff
projects / curl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8879b57)
length limit the sscanf() parsing to prevent buffer overflow
authorDaniel Stenberg <daniel@haxx.se>
Thu, 24 Jun 2004 12:07:36 +0000 (12:07 +0000)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 24 Jun 2004 12:07:36 +0000 (12:07 +0000)
lib/telnet.c patch | blob | history

diff --git a/lib/telnet.c b/lib/telnet.c
index 6915e601d6cae42dd6a26bdc691dfacce67a7000..aea4fdd823edd42ae46130d72aa0192464a0f3a8 100644 (file)
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -878,7 +878,7 @@ static void suboption(struct connectdata *conn)
         tmplen = (strlen(v->data) + 1);
         /* Add the variable only if it fits */
         if(len + tmplen < (int)sizeof(temp)-6) {
-          sscanf(v->data, "%127[^,],%s", varname, varval);
+          sscanf(v->data, "%127[^,],%127s", varname, varval);
           snprintf((char *)&temp[len], sizeof(temp) - len,
                    "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
                    CURL_NEW_ENV_VALUE, varval);
Unnamed repository; edit this file 'description' to name the repository.