Fix buffer overrun, always writing at buffer size + 1.
authorwwp <wwp@free.fr>
Wed, 11 Apr 2018 06:40:57 +0000 (08:40 +0200)
committerwwp <wwp@free.fr>
Wed, 11 Apr 2018 06:40:57 +0000 (08:40 +0200)
Fixes CID #1434188.

src/plugins/clamd/libclamd/clamd-plugin.c

index 314f626..d88b131 100644 (file)
@@ -461,7 +461,7 @@ static Clamd_Stat clamd_stream_scan(int sock,
                return NO_CONNECTION;
        }
 
-       while ((count = read(fd, (void *) buf, sizeof(buf))) > 0) {
+       while ((count = read(fd, (void *) buf, BUFSIZ - 1)) > 0) {
                buf[count] = '\0';
                if (buf[count - 1] == '\n')
                        buf[count - 1] = '\0';
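Review bot: The new read bound is hard-coded as `BUFSIZ - 1`, so it only protects the `buf[count] = '\0';` write if `buf` is declared with exactly BUFSIZ elements, and that declaration is outside the hunk. Assuming `buf` is an array and not a pointer, tie the limit to the object itself: `while ((count = read(fd, (void *) buf, sizeof(buf) - 1)) > 0) {`. A short comment such as `/* reserve one byte for the terminator written below */` would stop a later cleanup from restoring the full-size read. The loop body continues past the end of this hunk.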
@@ -478,7 +478,7 @@ static Clamd_Stat clamd_stream_scan(int sock,
                        *res = g_strconcat("ERROR -> ", _("Socket write error"), NULL);
                        return SCAN_ERROR;
                }
-               memset(buf, '\0', sizeof(buf));
+               memset(buf, '\0', BUFSIZ - 1);
        }
        if (count == -1) {
                close(fd);
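Review bot: The `memset` length did not need to change, because the overrun came from the terminator write after `read` in the earlier hunk. Assuming `buf` is an array, clearing `sizeof(buf)` bytes stays within bounds. With `BUFSIZ - 1` the final byte is no longer cleared between iterations, and the length no longer follows the declaration (outside the hunk) if it is ever resized; keeping `memset(buf, '\0', sizeof(buf));` avoids both. Separately, the visible `return SCAN_ERROR;` has no `close(fd)` before it, unlike the `count == -1` path, but that branch starts outside the hunk, so confirm the descriptor is released there.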