From 4835311363cb59b683f4a55bcdd3cdfedd506747 Mon Sep 17 00:00:00 2001 From: "Joshua J. Drake" Date: Thu, 23 Oct 2014 23:39:36 -0500 Subject: [PATCH] Fix several stack buffer overflows in sendCommand variants --- TRXManager/TRXManager.cpp | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/TRXManager/TRXManager.cpp b/TRXManager/TRXManager.cpp index f99a4e79..2e1f5cb3 100644 --- a/TRXManager/TRXManager.cpp +++ b/TRXManager/TRXManager.cpp @@ -320,9 +320,8 @@ int ::ARFCNManager::sendCommand(const char*command, const char*param, int *respo int rspLen = sendCommandPacket(cmdBuf,response); if (rspLen<=0) return -1; // Parse and check status. - char cmdNameTest[15]; + char cmdNameTest[16] = { 0 }; int status; - cmdNameTest[0]='\0'; if (!responseParam) sscanf(response,"RSP %15s %d", cmdNameTest, &status); else @@ -340,9 +339,8 @@ int ::ARFCNManager::sendCommand(const char*command, int param, int *responsePara int rspLen = sendCommandPacket(cmdBuf,response); if (rspLen<=0) return -1; // Parse and check status. - char cmdNameTest[15]; + char cmdNameTest[16] = { 0 }; int status; - cmdNameTest[0]='\0'; if (!responseParam) sscanf(response,"RSP %15s %d", cmdNameTest, &status); else @@ -361,9 +359,8 @@ int ::ARFCNManager::sendCommand(const char*command, const char* param) int rspLen = sendCommandPacket(cmdBuf,response); if (rspLen<=0) return -1; // Parse and check status. - char cmdNameTest[15]; + char cmdNameTest[16] = { 0 }; int status; - cmdNameTest[0]='\0'; sscanf(response,"RSP %15s %d", cmdNameTest, &status); if (strcmp(cmdNameTest,command)!=0) return -1; return status; @@ -380,9 +377,8 @@ int ::ARFCNManager::sendCommand(const char*command) int rspLen = sendCommandPacket(cmdBuf,response); if (rspLen<=0) return -1; // Parse and check status. - char cmdNameTest[15]; + char cmdNameTest[16] = { 0 }; int status; - cmdNameTest[0]='\0'; sscanf(response,"RSP %15s %d", cmdNameTest, &status); if (strcmp(cmdNameTest,command)!=0) return -1; return status;