Skip to content

jack_lsp: Fix buffer overflow for --server argument #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
unclechu wants to merge 1 commit into
base: main
Choose a base branch
from
Open

jack_lsp: Fix buffer overflow for --server argument #89

unclechu wants to merge 1 commit into from

Conversation

@unclechu
Copy link

@unclechu unclechu commented Jun 13, 2024

In the copied optarg there are only chars from the argument, no string termination \0 char. That causes the following code to go beyond the variable memory bound.

This change adds one extra char allocation for the server_name variable and puts \0 string termination char to the last char.

Fixes #88

@unclechu
jack_lsp: Fix buffer overflow for --server argument
62aeea4 
In the copied `optarg` there are only chars from the argument, no string
termination `\0` char. That causes the following code to go beyond the
variable memory bound.

This change adds one extra char allocation for the `server_name`
variable and puts `\0` string termination char to the last char.

Fixes jackaudio#88
@unclechu unclechu mentioned this pull request Jun 13, 2024
Open
unclechu
unclechu commented Jun 13, 2024
View reviewed changes
tools/lsp.c
case 's':
server_name = (char *) malloc (sizeof (char) * strlen(optarg));
server_name = (char *) malloc (sizeof (char) * (strlen(optarg) + 1));
server_name[strlen(optarg)] = '\0';
Copy link
Author

@unclechu unclechu Jun 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following the #88 (comment) comment this line might not be necessary.

Suggested change
server_name[strlen(optarg)] = '\0';

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

jack_lsp: An attempt to use --server/-s argument fails with buffer overflow

1 participant

@unclechu