Possible buffer overflow in HTML generator (code already refactored on HEAD).

author František Dvořák <valtri@civ.zcu.cz>

Fri, 15 Feb 2013 08:12:33 +0000 (08:12 +0000)

committer František Dvořák <valtri@civ.zcu.cz>

Fri, 15 Feb 2013 21:58:55 +0000 (22:58 +0100)
author František Dvořák <valtri@civ.zcu.cz>
Fri, 15 Feb 2013 08:12:33 +0000 (08:12 +0000)
committer František Dvořák <valtri@civ.zcu.cz>
Fri, 15 Feb 2013 21:58:55 +0000 (22:58 +0100)
diff --git a/org.glite.lb.server/src/lb_text.c b/org.glite.lb.server/src/lb_text.c

index 31d6536..9e15bea 100644 (file)
--- a/org.glite.lb.server/src/lb_text.c
+++ b/org.glite.lb.server/src/lb_text.c
@@ -295,7 +295,7 @@ int edg_wll_ConfigurationToText(edg_wll_Context ctx, int admin, char **message){
                 if (ctx->authz_policy_file && (fd = open(ctx->authz_policy_file, O_RDONLY)) >= 0){
                         off_t size = lseek(fd, 0, SEEK_END) - lseek(fd, 0, SEEK_SET);
                         if (size){
-                               char *pft = (char*)calloc(sizeof(char), size);
+                               char *pft = (char*)calloc(sizeof(char), size + 1);
                                 read(fd, pft, size);
                                 close(fd);
                                 pf = escape_text(pft);
author	František Dvořák <valtri@civ.zcu.cz>
	Fri, 15 Feb 2013 08:12:33 +0000 (08:12 +0000)
committer	František Dvořák <valtri@civ.zcu.cz>
	Fri, 15 Feb 2013 21:58:55 +0000 (22:58 +0100)