From 55fbc8ee055958b309011eeb62d7166ff0415905 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Thu, 15 Feb 2018 16:41:33 -0600 Subject: [PATCH] rxdebug: NUL-terminate version before printing Currently, 'rxdebug -version' never initializes the buffer we read the version string into. Usually this is not noticeable, since all OpenAFS binaries tend to pad the Rx version response packet with NULs, so we get back several NULs to terminate the string. However, this is not guaranteed, and if we do not get back a NUL-terminated string, we can easily read beyond the end of the buffer. To avoid this, initialize the 'version' buffer with NULs before we do anything, and set the last byte to NUL, in case we exactly filled the buffer. Reviewed-on: https://gerrit.openafs.org/12908 Reviewed-by: Benjamin Kaduk Tested-by: Andrew Deason (cherry picked from commit a66629eac4dda4eea37b4f06e0850641cb2a7387) Change-Id: I850ce16840ee264dce506e8b3c887004bca11e20 Reviewed-on: https://gerrit.openafs.org/12912 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- src/rxdebug/rxdebug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/rxdebug/rxdebug.c b/src/rxdebug/rxdebug.c index e4dcfcf46..3d4bf0a51 100644 --- a/src/rxdebug/rxdebug.c +++ b/src/rxdebug/rxdebug.c @@ -213,6 +213,7 @@ MainCommand(struct cmd_syndesc *as, void *arock) } if (version_flag) { + memset(version, 0, sizeof(version)); code = rx_GetServerVersion(s, host, port, length, version); if (code < 0) { @@ -220,6 +221,7 @@ MainCommand(struct cmd_syndesc *as, void *arock) errno); exit(1); } + version[sizeof(version) - 1] = '\0'; printf("AFS version: %s\n", version); fflush(stdout); -- 2.39.5
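Review bot: In the first hunk (@@ -213), the new memset clears sizeof(version) bytes, but the rx_GetServerVersion(s, host, port, length, version) call directly below still bounds the read with a separate `length` value. Nothing in the visible lines ties the two together. If `length` can ever exceed sizeof(version), zeroing the buffer does not prevent a write past its end. I would either pass a size derived from sizeof(version) at the call site or check `length` against it before the call. Please also confirm that `version` is declared as an array in MainCommand and not as a pointer, since the declaration is outside the hunk context and sizeof(version) would otherwise be the size of a pointer.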
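Review bot: In the second hunk (@@ -220), version[sizeof(version) - 1] = '\0' overwrites the final byte of any response that exactly fills the buffer, so the printed version string is silently truncated by one character. Limiting the read to sizeof(version) - 1 bytes would keep the terminator slot free and make the later assignment a pure safety net. A one-line comment above the assignment stating that the peer is not required to NUL-terminate its reply would also help, since the reason is currently only in the commit message. Separately, the string handed to printf("AFS version: %s\n", version) comes from a network response, so it may be worth considering whether non-printable bytes should be filtered before they reach the terminal.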