cli: fixed buffer overflow in telnet part

author: Dmitry Kozlov <xeb@mail.ru> 2011-01-28 22:29:40 +0300
committer: Dmitry Kozlov <xeb@mail.ru> 2011-01-28 22:29:40 +0300
commit: 38077f9b9d9e86f4a7d2317b3697ea4370889999 (patch)
tree: 0752e73a91961db7062d875bc672867b17e809cc
parent: 735c852752a0c051301adc7022b0a08bf62733fc (diff)
download: accel-ppp-38077f9b9d9e86f4a7d2317b3697ea4370889999.tar.gz
accel-ppp-38077f9b9d9e86f4a7d2317b3697ea4370889999.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/accel-pppd/cli/telnet.c b/accel-pppd/cli/telnet.c
index 7e48782..82bcb0d 100644
--- a/accel-pppd/cli/telnet.c
+++ b/accel-pppd/cli/telnet.c
@@ -297,7 +297,7 @@ static int telnet_input_char(struct telnet_client_t *cln, uint8_t c)
 					return -1;
 			}
 		} else if (cln->cmdline_len) {
-			b = _malloc(sizeof(*b) + cln->cmdline_len);
+			b = _malloc(sizeof(*b) + cln->cmdline_len + 1);
 			b->p_buf = NULL;
 			memcpy(b->buf, cln->cmdline, cln->cmdline_len);
 			b->size = cln->cmdline_len;
@@ -708,7 +708,7 @@ static void load_history_file(void)
 		return;
 	
 	while (fgets((char *)temp_buf, RECV_BUF_SIZE, f)) {
-		b = _malloc(sizeof(*b) + strlen((char *)temp_buf));
+		b = _malloc(sizeof(*b) + strlen((char *)temp_buf) + 1);
 		b->p_buf = NULL;
 		b->size = strlen((char *)temp_buf) - 1;
 		memcpy(b->buf, temp_buf, b->size);
author	Dmitry Kozlov <xeb@mail.ru>	2011-01-28 22:29:40 +0300
committer	Dmitry Kozlov <xeb@mail.ru>	2011-01-28 22:29:40 +0300
commit	38077f9b9d9e86f4a7d2317b3697ea4370889999 (patch)
tree	0752e73a91961db7062d875bc672867b17e809cc
parent	735c852752a0c051301adc7022b0a08bf62733fc (diff)
download	accel-ppp-38077f9b9d9e86f4a7d2317b3697ea4370889999.tar.gz accel-ppp-38077f9b9d9e86f4a7d2317b3697ea4370889999.zip