
Buffer Overflow in tsk_strlen

Open GoogleCodeExporter opened this issue 10 years ago • 1 comment

What steps will reproduce the problem?
1. Turn on Address Sanitizer (new XCode 7 feature)
2. Make a call or send a message
3. ASan will catch the event as buffer overflow.

What is the expected output? What do you see instead?
Expected: Should continue working normally.
What happens: the length of the string to duplicate is wrong, as strlen expects a '\0' null terminator.

What version of the product are you using? On what operating system?
Using on iOS 8.3

Please provide any additional information below.

Similar to tsdp_header.c file -> tsdp_header_serialize method:
ret = tsk_buffer_append(output, "\r\n", 2);
should be 
ret = tsk_buffer_append(output, "\r\n\0", 3);
and all other buffer append methods for strings require the null terminator.

Original issue reported on code.google.com by [email protected] on 19 Jun 2015 at 7:02

GoogleCodeExporter, Aug 16 '15 21:08
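The defect pattern the report describes, as an added illustration in C (not doubango's code): a hypothetical minimal buffer whose append copies exactly the bytes it is given, so the in-use region carries no terminator; a check for whether a terminator is present at all, and a duplicate that copies by the tracked length instead of scanning with strlen(). The `buf_t` type and function names are assumptions for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal append-only buffer with the same call shape as the
 * tsk_buffer_append(output, "\r\n", 2) line in the report; not doubango code. */
typedef struct {
    char  *data;
    size_t size;      /* bytes in use; the buffer never adds a '\0' itself */
} buf_t;

int buf_append(buf_t *b, const void *src, size_t n) {
    char *p = realloc(b->data, b->size + n);   /* exactly n more bytes, no slack */
    if (!p) return -1;
    memcpy(p + b->size, src, n);
    b->data = p;
    b->size += n;
    return 0;
}

/* Does the in-use region contain a terminator at all? strlen() is only
 * defined when it does; otherwise it reads past data + size, which is the
 * heap-buffer-overflow read that AddressSanitizer reports. */
int buf_has_terminator(const buf_t *b) {
    return b->data != NULL && memchr(b->data, '\0', b->size) != NULL;
}

/* Safe duplicate: copy by the tracked length and add the terminator in the
 * copy, so the wire bytes stay as they are and no scan past the end occurs. */
char *buf_strdup(const buf_t *b) {
    char *s = malloc(b->size + 1);
    if (!s) return NULL;
    memcpy(s, b->data, b->size);
    s[b->size] = '\0';
    return s;
}

void buf_free(buf_t *b) {
    free(b->data);
    b->data = NULL;
    b->size = 0;
}
```

Running the same sequence under ASan with strlen(b.data) in place of buf_strdup() reproduces the report's heap-buffer-overflow read.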

Original comment by [email protected] on 19 Jun 2015 at 11:51

  • Changed state: Accepted

GoogleCodeExporter, Aug 16 '15 21:08