From 2f7b58abcee6ef32a927b3bd43070bbea205656b Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Wed, 4 Apr 2018 15:06:03 +0200 Subject: Null-terminate the argument for strtoul As discussed in issue #95, the buffer passed to strtoul must be null-terminated. This patch null-terminates the buffer used in hexStringToByte in the test_HOTP unit test to avoid a buffer over-read. --- unittest/test_HOTP.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'unittest') diff --git a/unittest/test_HOTP.cc b/unittest/test_HOTP.cc index 520faaf..c13fb8e 100644 --- a/unittest/test_HOTP.cc +++ b/unittest/test_HOTP.cc @@ -36,7 +36,8 @@ using namespace nitrokey::misc; void hexStringToByte(uint8_t data[], const char* hexString){ REQUIRE(strlen(hexString)%2==0); - char buf[2]; + char buf[3]; + buf[2] = '\0'; for(int i=0; i