From 56a461f72796ca60de28e78f144741eb1a4f5213 Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner
Date: Thu, 22 Oct 2020 03:05:11 +0200
Subject: [PATCH] wallet: fix buffer over-read in SQLite file magic check

If there is no terminating zero within the 16 magic bytes, the buffer would be over-read in the std::string constructor. Fixed by using the "from buffer" variant of the ctor (that also takes a size) rather than the "from c-string" variant.
---
 src/wallet/sqlite.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wallet/sqlite.cpp b/src/wallet/sqlite.cpp
index 02a161ecb..6d2fdbe58 100644
--- a/src/wallet/sqlite.cpp
+++ b/src/wallet/sqlite.cpp
@@ -619,8 +619,8 @@ bool IsSQLiteFile(const fs::path& path)
 file.close();
 // Check the magic, see https://sqlite.org/fileformat2.html
- std::string magic_str(magic);
- if (magic_str != std::string("SQLite format 3")) {
+ std::string magic_str(magic, 16);
+ if (magic_str != std::string("SQLite format 3", 16)) {
 return false;
 }
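Review bot: The `16` in `std::string("SQLite format 3", 16)` on the second `+` line deliberately counts the literal's terminating NUL as the sixteenth byte, because the SQLite header string referenced by the comment is the 15 visible characters followed by a zero byte; that is not obvious from the code and a reader may mistake it for a second over-read, so a comment such as `// 16 bytes: "SQLite format 3" plus its terminating NUL, per the SQLite header spec` belongs on that line. The same length now appears twice in this hunk and presumably once more in the `magic` buffer declaration above it, which is outside the hunk; a single named constant, or `sizeof(magic)` paired with a `static_assert` that the literal including its NUL fits, would keep them from drifting apart. The byte-exact comparison could also be written as `std::memcmp(magic, "SQLite format 3", 16) == 0`, avoiding the two temporary strings, though the string form is acceptable if readability is preferred. The declaration and read of `magic` and the remainder of IsSQLiteFile lie outside the hunk, and the hunk's final context line appears to be cut off in this view.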