From ae611d7b5a0afc7c59972f673d2b14ac7054c6f0 Mon Sep 17 00:00:00 2001
From: thierry1970
Date: Tue, 11 Feb 2020 18:19:54 +0100
Subject: Fix memory overflow.
---
 src/capabilities.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/capabilities.c b/src/capabilities.c
index c3b4b98..3c65198 100644
--- a/src/capabilities.c
+++ b/src/capabilities.c
@@ -18,6 +18,8 @@ struct cap
 size_t size;
 };
+#define SIZE_DATA 32784
+
 typedef void (*fct_parcours_t)(xmlNodePtr, ippScanner *ippscanner);
 void parcours_prefixe(xmlNodePtr noeud, fct_parcours_t f, ippScanner *ippscanner);
@@ -201,7 +203,7 @@ http_request(const char *hostname, const char *ressource, int port, int *size_da
 {
 http_t *http = NULL; /* HTTP connection */
 http_status_t status = HTTP_STATUS_OK; /* Status of GET command */
- char buffer[8192]; /* Input buffer */
+ char buffer[SIZE_DATA] = { 0 }; /* Input buffer */
 long bytes; /* Number of bytes read */
 off_t total; /* Total bytes */
 const char *encoding; /* Negotiated Content-Encoding */
@@ -236,13 +238,14 @@ http_request(const char *hostname, const char *ressource, int port, int *size_da
 total = 0;
- while ((bytes = httpRead2(http, buffer, sizeof(buffer))) > 0)
+ while ((bytes = httpRead2(http, buffer, (SIZE_DATA - 1))) > 0)
 {
 char *str = realloc(memory, total + bytes + 1);
 memory = str;
 memcpy(&(memory[total]), buffer, bytes);
 total += bytes;
 memory[total] = 0;
+ memset(buffer, 0, SIZE_DATA);
 }
 tmp = (char *)strstr(memory, "
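Review bot: `SIZE_DATA` in the `@@ -18,6 +18,8 @@` hunk carries no comment explaining the value 32784, which is 32768 + 16 rather than a round size, and the commit message does not say which overflow it is meant to bound. A comment on the define such as `/* Size in bytes of the HTTP read buffer used by http_request() */` would tell the next reader what the constant limits. If the extra 16 bytes are deliberate, the comment should say what they are for, since a later edit could otherwise "tidy" the value and reintroduce the problem.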
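Review bot: In the `@@ -201,7 +203,7 @@` hunk `buffer` is now sized by `SIZE_DATA`, but the read loop in the following hunk (cut off in this view) repeats the macro in `httpRead2(http, buffer, (SIZE_DATA - 1))` and `memset(buffer, 0, SIZE_DATA)` instead of deriving the bound from the array. Keeping `sizeof(buffer)` at those call sites, for example `memset(buffer, 0, sizeof(buffer));`, means the length cannot drift from the declaration if either is edited later. The visible loop lines copy exactly `bytes` bytes and terminate `memory` themselves, so the `= { 0 }` initialiser and the roughly 32 KB stack array do not appear to be needed by the copy shown; it is worth confirming which access actually overflowed before relying on this change. The body of http_request starts and ends outside this hunk.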