[OpenSIPS-Devel] libsms_getsms.c out of bounds memory access
Pascal Cuoq
pascal_cuoq at hotmail.com
Fri Jun 18 00:33:40 CEST 2010
Hi!
> If answer is "xxxxxxxx+CMGR:" string, the position var will point at
> char "+" (line 171).
We agree so far.
> Now, following the code, line 178, the beginning var will point at the
> \0 null terminator;
"+CMGR:" is 6 characters. Variable position is pointing at the first one, so after executing line 178, variable beginning points *past* the terminating zero and into invalid memory, does it not?
Then "end=beginning;" is executed, and next "*end" from the for-loop condition is an invalid access.
Pascal
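An added example, not part of the original message or of the OpenSIPS sources: a bounds-checked way to step past a marker such as "+CMGR:" so that the pointer can never end up beyond the terminating zero. The names after_marker and field_length, the skip parameter and the '\r' field terminator are assumptions made for illustration, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Marker from the thread. The skip distance is a parameter because the
 * message does not quote the expression used on line 178. */
#define MARKER "+CMGR:"

/* Returns a pointer `skip` bytes past the start of MARKER in `answer`,
 * or NULL when the marker is absent or the skip would leave the string.
 * Landing exactly on the terminating '\0' is allowed (empty remainder). */
static const char *after_marker(const char *answer, size_t skip)
{
    const char *position = strstr(answer, MARKER);
    if (position == NULL)
        return NULL;
    /* Bytes from position up to, not including, the terminator. */
    size_t remaining = strlen(position);
    if (skip > remaining)
        return NULL;            /* would point past the '\0' */
    return position + skip;
}

/* Length of the field starting at `beginning`, ending at '\r' or '\0'
 * (assumed terminators). Dereferencing is safe only because
 * after_marker() guaranteed that `beginning` is inside the string. */
static size_t field_length(const char *beginning)
{
    const char *end = beginning;
    while (*end != '\0' && *end != '\r')
        end++;
    return (size_t)(end - beginning);
}

int main(void)
{
    /* Constructed inputs: the truncated answer from the thread, and a longer one. */
    const char *truncated = "xxxxxxxx+CMGR:";
    const char *longer = "xxxxxxxx+CMGR: 1,,24\r\nDATA";
    const char *p;

    printf("truncated, skip 7: %s\n", after_marker(truncated, 7) ? "ok" : "rejected");
    p = after_marker(truncated, 6);
    printf("truncated, skip 6: field length %zu\n", p ? field_length(p) : 0);
    p = after_marker(longer, 7);
    printf("longer, skip 7: field length %zu\n", p ? field_length(p) : 0);
    return 0;
}
```

With the truncated answer, a skip of 6 lands on the terminator and yields an empty field, while a skip of 7 is rejected instead of being dereferenced.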