author | Mingjie Shen <shen497@purdue.edu> | 2024-03-05 18:13:28 -0500 |
---|---|---|
committer | Mingjie Shen <shen497@purdue.edu> | 2024-03-05 18:13:28 -0500 |
commit | 7d08983cb265c13e21c5a23fd4e14613307f5e47 (patch) | |
tree | 39fedd1c1a08b2e740f11f524344b39b2ca0ff58 /programs | |
parent | 31403a4ca806b088780d67d5db7d0ffec2ff1435 (diff) | |
ssl_mail_client: Fix unbounded write of sprintf()
These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to
are controlled by users. Fix by replacing sprintf with snprintf.
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
Diffstat (limited to 'programs')
-rw-r--r-- | programs/ssl/ssl_mail_client.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index febb881..f26a23b 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -727,7 +727,7 @@ usage:
 mbedtls_printf(" > Write MAIL FROM to server:");
 fflush(stdout);
- len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
+ len = snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from);
 ret = write_ssl_and_get_response(&ssl, buf, len);
 if (ret < 200 || ret > 299) {
 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@@ -739,7 +739,7 @@ usage:
 mbedtls_printf(" > Write RCPT TO to server:");
 fflush(stdout);
- len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
+ len = snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to);
 ret = write_ssl_and_get_response(&ssl, buf, len);
 if (ret < 200 || ret > 299) {
 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@@ -763,11 +763,12 @@ usage:
 mbedtls_printf(" > Write content to server:");
 fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
- "This is a simple test mail from the "
- "Mbed TLS mail client example.\r\n"
- "\r\n"
- "Enjoy!", opt.mail_from);
+ len = snprintf((char *) buf, sizeof(buf),
+ "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
+ "This is a simple test mail from the "
+ "Mbed TLS mail client example.\r\n"
+ "\r\n"
+ "Enjoy!", opt.mail_from);
 ret = write_ssl_data(&ssl, buf, len);
 len = sprintf((char *) buf, "\r\n.\r\n"); |
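Review bot: The return value of the new `snprintf` call in the MAIL FROM hunk is passed straight to `write_ssl_and_get_response(&ssl, buf, len)`, but on truncation snprintf returns the length the full string would have had, not the number of bytes stored. With an over-long `opt.mail_from`, `len` can therefore exceed `sizeof(buf)`, and the write that follows would read past the end of `buf` and send adjacent memory to the server, so the overflow becomes an over-read. The same applies to the RCPT TO hunk and to the `write_ssl_data(&ssl, buf, len)` call in the content hunk. Each call should be followed by a guard such as `if (len < 0 || (size_t) len >= sizeof(buf))` that reports the address as too long and fails the step before anything is written. The declarations of `buf` and `len` are outside these hunks, so this assumes `buf` is an array (otherwise `sizeof(buf)` would be the pointer size) and `len` is a signed integer.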
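Review bot: The new calls in the content hunk, and in the two hunks before it, use the C library's `snprintf` directly, while the surrounding lines print through the `mbedtls_printf` platform wrapper. For consistency with the rest of the sample, and so that builds which substitute the platform formatting functions behave the same way here, I would write `len = mbedtls_snprintf((char *) buf, sizeof(buf), ...)`. The file's includes are not visible in these hunks; since `mbedtls_printf` is already in use, the platform header is presumably included, but that should be confirmed.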