From 180b693262d71381d650d10c3f95a5a70553f40f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 8 Oct 2014 11:35:48 +0200 Subject: methods/rsh.cc: replace strcat with std::string Instead of using strcat use a C++ std::string to avoid overflowing this buffer. Thanks to David Garfield Closes: #76442 --- methods/rsh.cc | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/methods/rsh.cc b/methods/rsh.cc index bd46d2515..0e949160b 100644 --- a/methods/rsh.cc +++ b/methods/rsh.cc @@ -218,17 +218,20 @@ bool RSHConn::WriteMsg(std::string &Text,bool Sync,const char *Fmt,...) va_list args; va_start(args,Fmt); - // sprintf the description - char S[512]; - vsnprintf(S,sizeof(S) - 4,Fmt,args); + // sprintf into a buffer + char Tmp[1024]; + vsnprintf(Tmp,sizeof(Tmp),Fmt,args); va_end(args); + // concat to create the real msg + std::string Msg; if (Sync == true) - strcat(S," 2> /dev/null || echo\n"); + Msg = std::string(Tmp) + " 2> /dev/null || echo\n"; else - strcat(S," 2> /dev/null\n"); + Msg = std::string(Tmp) + " 2> /dev/null\n"; // Send it off + const char *S = Msg.c_str(); unsigned long Len = strlen(S); unsigned long Start = 0; while (Len != 0) -- cgit v1.2.3-70-g09d2