mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-28 15:17:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #8897 from IVOES/cpp/unbounded-write

Browse Source 
ssl_mail_client: Fix unbounded write of sprintf()
This commit is contained in:
Gilles Peskine 2024-05-02 16:06:23 +00:00 committed by GitHub
commit aa82464dec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
programs/ssl/ssl_mail_client.c
View File

@ -727,7 +727,11 @@ usage:
mbedtls_printf(" > Write MAIL FROM to server:");
fflush(stdout);
len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@ -739,7 +743,11 @@ usage:
mbedtls_printf(" > Write RCPT TO to server:");
fflush(stdout);
len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@ -763,11 +771,16 @@ usage:
mbedtls_printf(" > Write content to server:");
fflush(stdout);
len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
"Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
len = mbedtls_snprintf((char *) buf, sizeof(buf),
"From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
"Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_data(&ssl, buf, len);
len = sprintf((char *) buf, "\r\n.\r\n");