From a66629eac4dda4eea37b4f06e0850641cb2a7387 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Thu, 15 Feb 2018 16:41:33 -0600 Subject: [PATCH] rxdebug: NUL-terminate version before printing Currently, 'rxdebug -version' never initializes the buffer we read the version string into. Usually this is not noticeable, since all OpenAFS binaries tend to pad the Rx version response packet with NULs, so we get back several NULs to terminate the string. However, this is not guaranteed, and if we do not get back a NUL-terminated string, we can easily read beyond the end of the buffer. To avoid this, initialize the 'version' buffer with NULs before we do anything, and set the last byte to NUL, in case we exactly filled the buffer. Change-Id: I1b1ae546c01f018a9b4e198f918c2d9eb86015d6 Reviewed-on: https://gerrit.openafs.org/12908 Reviewed-by: Benjamin Kaduk Tested-by: Andrew Deason --- src/rxdebug/rxdebug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/rxdebug/rxdebug.c b/src/rxdebug/rxdebug.c index e4dcfcf463..3d4bf0a513 100644 --- a/src/rxdebug/rxdebug.c +++ b/src/rxdebug/rxdebug.c @@ -213,6 +213,7 @@ MainCommand(struct cmd_syndesc *as, void *arock) } if (version_flag) { + memset(version, 0, sizeof(version)); code = rx_GetServerVersion(s, host, port, length, version); if (code < 0) { @@ -220,6 +221,7 @@ MainCommand(struct cmd_syndesc *as, void *arock) errno); exit(1); } + version[sizeof(version) - 1] = '\0'; printf("AFS version: %s\n", version); fflush(stdout);
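Review bot: In the first hunk (@@ -213,6 +213,7), the new memset clears sizeof(version) bytes, but the call right after it still passes a separate `length`, presumably the number of bytes to read into `version`. Nothing in the visible lines ties the two sizes together. If `length` can ever exceed sizeof(version), the reply is written past the end of the buffer no matter how it was initialized. Suggest passing the buffer size at the call site, for example `rx_GetServerVersion(s, host, port, sizeof(version), version)`, or adding a comment that states where `length` is bounded. Note also that sizeof(version) is only correct if `version` is declared as an array in this function; the declaration is outside the hunk, so please confirm it is not a pointer.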
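Review bot: In the second hunk (@@ -220,6 +221,7), `version[sizeof(version) - 1] = '\0';` silently overwrites the last byte of a reply that fills the buffer exactly, so the printed string can be truncated by one character without any indication. Requesting at most sizeof(version) - 1 bytes from the peer would keep the terminator from ever landing on received data. A one-line comment above the assignment saying that the peer is not required to NUL-terminate its reply would also help future readers, since the reason is only in the commit message. Separately, the string comes from the remote host and goes straight to the terminal through `printf("AFS version: %s\n", version);`, so replacing non-printable bytes before printing would be a reasonable follow-up.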