From 78e69573cd970ac54de3d5f735aa980c10b3e483 Mon Sep 17 00:00:00 2001
From: S Rahul
Date: Thu, 15 Oct 2009 12:41:20 +0000
Subject: [PATCH] Fixed a buffer overflow when client calls SetATSHostList() with long host names.
---
 CASA-auth-token/client/library/engine.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/CASA-auth-token/client/library/engine.c b/CASA-auth-token/client/library/engine.c
index 64900550..36e08ef8 100644
--- a/CASA-auth-token/client/library/engine.c
+++ b/CASA-auth-token/client/library/engine.c
@@ -1054,6 +1054,11 @@ SetATSHostList(
 for (i = 0; ATSHostList[i] != NULL; i++) {
 int ret;
+ if (strlen(ATSHostList[i]) > 255) {
+ DbgTrace(0, "-SetATSHostList- Host name too long: %s\n", ATSHostList[i]);
+ retStatus = CASA_STATUS_INVALID_PARAMETER;
+ goto exit;
+ }
 ret = sscanf(ATSHostList[i], "%[^:]:%hu", address, &port);
 if (ret != 2) {
 DbgTrace(0, "-SetATSHostList- Invalid entry: %s\n", ATSHostList[i]);
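Review bot: The new `strlen(ATSHostList[i]) > 255` guard relies on a hard-coded 255 rather than on the size of the `address` buffer that the following `sscanf` writes, and the `%[^:]` conversion itself remains unbounded. The declaration of `address` is outside the hunk, so it cannot be confirmed here that 255 characters plus the terminator fit; bounding the conversion directly, e.g. `ret = sscanf(ATSHostList[i], "%255[^:]:%hu", address, &port);` with the width kept equal to `sizeof(address) - 1`, would keep the write safe even if the buffer size or the guard later changes. The rejected entry is also passed at full length to `DbgTrace` with `%s`; if that helper formats into a fixed-size buffer (not visible here), a precision such as `%.255s` in the "Host name too long" message would be prudent. The body of SetATSHostList, including the `exit` label, starts and ends outside the hunk.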