Fix potential buffer overflow in eventmux callback

lumynou5 · lumynou5 · commit a3539f176098 · 2025-03-31T18:45:12.000+08:00
This changes the parameter list of the eventmux callback, affecting the
header and the implementation of the dependency linenoise, but it is
necessary to prevent potential buffer overflow and to make the program
compile with '-O3'.

Change-Id: Ic50650107e939677a286f129251c50ce2dcbf635
diff --git a/linenoise.c b/linenoise.c
@@ -948,7 +948,7 @@ static int line_edit(int stdin_fd,
         char seq[5];
 
         if (eventmux_callback != NULL) {
-            int result = eventmux_callback(l.buf);
+            int result = eventmux_callback(l.buf, l.buflen);
             if (result != 0)
                 return result;
         }
diff --git a/linenoise.h b/linenoise.h
@@ -54,7 +54,7 @@ typedef struct {
 typedef void(line_completion_callback_t)(const char *, line_completions_t *);
 typedef char *(line_hints_callback_t)(const char *, int *color, int *bold);
 typedef void(line_free_hints_callback_t)(void *);
-typedef int(line_eventmux_callback_t)(char *);
+typedef int(line_eventmux_callback_t)(char *, size_t);
 void line_set_completion_callback(line_completion_callback_t *);
 void line_set_hints_callback(line_hints_callback_t *);
 void line_set_free_hints_callback(line_free_hints_callback_t *);
diff --git a/scripts/aspell-pws b/scripts/aspell-pws
@@ -77,6 +77,7 @@ epoll
 errno
 etc
 eventfd
+eventmux
 fadvise
 fchdir
 fchmod
diff --git a/web.c b/web.c
@@ -234,7 +234,7 @@ char *web_recv(int fd, struct sockaddr_in *clientaddr)
     return ret;
 }
 
-int web_eventmux(char *buf)
+int web_eventmux(char *buf, size_t buflen)
 {
     fd_set listenset;
 
@@ -259,7 +259,7 @@ int web_eventmux(char *buf)
         char *p = web_recv(web_connfd, &clientaddr);
         char *buffer = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n";
         web_send(web_connfd, buffer);
-        strncpy(buf, p, strlen(p) + 1);
+        strncpy(buf, p, buflen);
         free(p);
         close(web_connfd);
         return strlen(buf);
diff --git a/web.h b/web.h
@@ -9,6 +9,6 @@ char *web_recv(int fd, struct sockaddr_in *clientaddr);
 
 void web_send(int out_fd, char *buffer);
 
-int web_eventmux(char *buf);
+int web_eventmux(char *buf, size_t buflen);
 
 #endif

Original file line number	Diff line number	Diff line change
`@@ -948,7 +948,7 @@ static int line_edit(int stdin_fd,`
`948`	`948`	`char seq[5];`
`949`	`949`
`950`	`950`	`if (eventmux_callback != NULL) {`
`951`		`- int result = eventmux_callback(l.buf);`
	`951`	`+ int result = eventmux_callback(l.buf, l.buflen);`
`952`	`952`	`if (result != 0)`
`953`	`953`	`return result;`
`954`	`954`	`}`
-Original file line number
+Diff line change
 errno
 etc
 eventfd
 +eventmux
 fadvise
 fchdir
 fchmod