---
plugins/vcard.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/plugins/vcard.c b/plugins/vcard.c
index b997fc4..2c13266 100644
--- a/plugins/vcard.c
+++ b/plugins/vcard.c
@@ -121,7 +121,6 @@ static void add_slash(char *dest, const char *src, int len_max, int len)
}
}
dest[j] = 0;
- return;
}
static void get_escaped_fields(char **fields, ...)
--
1.7.0.4
Hi Radek,
On Wed, Jul 27, 2011, Radoslaw Jablonski wrote:
> ---
> plugins/vcard.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
Thanks. Both patches have now been applied.
Johan
For long input string there was possibility to write out
of "dest" buffer. It usually ended with obexd crash little
later in some random place.
---
plugins/vcard.c | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/plugins/vcard.c b/plugins/vcard.c
index 2c13266..30841b7 100644
--- a/plugins/vcard.c
+++ b/plugins/vcard.c
@@ -101,25 +101,41 @@ static void add_slash(char *dest, const char *src, int len_max, int len)
{
int i, j;
- for (i = 0, j = 0; i < len && j < len_max; i++, j++) {
+ for (i = 0, j = 0; i < len && j + 1 < len_max; i++, j++) {
+ /* filling dest buffer - last field need to be reserved
+ * for '\0'*/
switch (src[i]) {
case '\n':
+ if (j + 2 >= len_max)
+ /* not enough space in the buffer to put char
+ * preceded with escaping sequence (and '\0' in
+ * the end) */
+ goto done;
+
dest[j++] = '\\';
dest[j] = 'n';
break;
case '\r':
+ if (j + 2 >= len_max)
+ goto done;
+
dest[j++] = '\\';
dest[j] = 'r';
break;
case '\\':
case ';':
case ',':
+ if (j + 2 >= len_max)
+ goto done;
+
dest[j++] = '\\';
default:
dest[j] = src[i];
break;
}
}
+
+done:
dest[j] = 0;
}
--
1.7.0.4