summaryrefslogtreecommitdiff
path: root/misc.cc
diff options
context:
space:
mode:
authorRobin Krahl <me@robin-krahl.de>2018-02-11 20:11:22 +0100
committerSzczepan Zalega <szczepan@nitrokey.com>2018-02-12 09:22:44 +0100
commitc4aaf8e9d3763985bad2025dc88cd80e6b26af80 (patch)
tree23b068c9655d1d54247365eef2beca4e27f32b1a /misc.cc
parente2e009d7d55b75da4537b1fbecb6759c0aabb63c (diff)
downloadlibnitrokey-c4aaf8e9d3763985bad2025dc88cd80e6b26af80.tar.gz
libnitrokey-c4aaf8e9d3763985bad2025dc88cd80e6b26af80.tar.bz2
Null-terminate string before calling strtoul
hex_string_to_byte in misc.cc calls strtoul with a non-null-terminated string, causing a buffer over-read. This patch extends the buffer to always include a null character in the end. Fixes issue #95.
Diffstat (limited to 'misc.cc')
-rw-r--r--misc.cc3
1 files changed, 2 insertions, 1 deletions
diff --git a/misc.cc b/misc.cc
index 7a54a94..eaaad50 100644
--- a/misc.cc
+++ b/misc.cc
@@ -43,7 +43,8 @@ namespace misc {
auto data = ::std::vector<uint8_t>();
data.reserve(d_size);
- char buf[2];
+ char buf[3];
+ buf[2] = '\0';
for(size_t i=0; i<s_size; i++){
char c = hexString[i];