From 2f7b58abcee6ef32a927b3bd43070bbea205656b Mon Sep 17 00:00:00 2001
From: Robin Krahl <me@robin-krahl.de>
Date: Wed, 4 Apr 2018 15:06:03 +0200
Subject: Null-terminate the argument for strtoul

As discussed in issue #95, the buffer passed to strtoul must be
null-terminated.  This patch null-terminates the buffer used in
hexStringToByte in the test_HOTP unit test to avoid a buffer over-read.
---
 unittest/test_HOTP.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'unittest')

diff --git a/unittest/test_HOTP.cc b/unittest/test_HOTP.cc
index 520faaf..c13fb8e 100644
--- a/unittest/test_HOTP.cc
+++ b/unittest/test_HOTP.cc
@@ -36,7 +36,8 @@ using namespace nitrokey::misc;
 
 void hexStringToByte(uint8_t data[], const char* hexString){
   REQUIRE(strlen(hexString)%2==0);
-    char buf[2];
+    char buf[3];
+    buf[2] = '\0';
     for(int i=0; i<strlen(hexString); i++){
         buf[i%2] = hexString[i];
         if (i%2==1){
-- 
cgit v1.2.1