From d65afb2c7474f4f7b19aacc74dd3956ee491c60b Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Sat, 6 Oct 2018 08:35:43 +0200 Subject: [PATCH] Fix LWSClient connect_to_host string termination. Coming from strncpy might get you a non-NULL terminated buffer. The solution, if you accept trunction, is to give one less byte to strncpy and manually set the last char in the buffer to '\0'. If the source string is shorter, than the buffer is padded with '\0' automatically. --- modules/websocket/lws_client.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/websocket/lws_client.cpp b/modules/websocket/lws_client.cpp index cd814760e6..b3e5f6ffab 100644 --- a/modules/websocket/lws_client.cpp +++ b/modules/websocket/lws_client.cpp @@ -80,9 +80,12 @@ Error LWSClient::connect_to_host(String p_host, String p_path, uint16_t p_port, char hbuf[1024]; char pbuf[2048]; String addr_str = (String)addr; - strncpy(abuf, addr_str.ascii().get_data(), 1024); - strncpy(hbuf, p_host.utf8().get_data(), 1024); - strncpy(pbuf, p_path.utf8().get_data(), 2048); + strncpy(abuf, addr_str.ascii().get_data(), 1023); + abuf[1023] = '\0'; + strncpy(hbuf, p_host.utf8().get_data(), 1023); + hbuf[1023] = '\0'; + strncpy(pbuf, p_path.utf8().get_data(), 2047); + pbuf[2047] = '\0'; i.context = context; if (p_protocols.size() > 0)