[spice-common 3/8] coverity: avoid out of bounds access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We are allocating insufficient memory for the terminating null of the
string.
---
 common/ssl_verify.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 601252e..4292ddf 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -283,8 +283,8 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries)
     spice_return_val_if_fail(subject != NULL, NULL);
     spice_return_val_if_fail(nentries != NULL, NULL);
 
-    key = (char*)alloca(strlen(subject));
-    val = (char*)alloca(strlen(subject));
+    key = (char*)alloca(strlen(subject) + 1);
+    val = (char*)alloca(strlen(subject) + 1);
     in_subject = X509_NAME_new();
 
     if (!in_subject || !key || !val) {
-- 
2.7.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]