dangerous sprintf( ) usage found in win_serialport_impl.c
asquared opened this issue
The usage of sprintf( ) on lines 94 and 98 of win_serialport_impl.c is dangerous and can crash the Ruby interpreter. Conceivably, the stack buffer overflow could even be used to gain control of the ruby interpreter process. I've rewritten the code to use snprintf( ) instead, which eliminates the overflow possibility.
proof of concept:
H:>irb
irb(main):001:0> require 'serialport'
=> true
irb(main):002:0> s = SerialPort.new('x'*10000)
H:>
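To make the reported defect concrete, here is a constructed illustration (not code from ruby-serialport) of the pattern the issue describes: a fixed-size stack buffer that receives a device path built from the caller-supplied port name, with the unbounded `sprintf()` kept only as a comment and a bounded `snprintf()` version that also reports truncation. The buffer size, the `\\.\` prefix and the function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed buffer size for the example, not the size used in win_serialport_impl.c. */
#define DEVICE_PATH_MAX 64

/* The unbounded pattern reported in the issue (kept as a comment, never compiled or run):
 *
 *   char dev[DEVICE_PATH_MAX];
 *   sprintf(dev, "\\\\.\\%s", port_name);
 *
 * sprintf() has no idea how large dev[] is, so a port name longer than the buffer
 * overwrites whatever follows it on the stack, which is what the 10000-character
 * argument in the proof of concept triggers. */

/* Bounded replacement. snprintf() never writes more than dev_size bytes and always
 * NUL-terminates. Its return value is the length the full string would have needed,
 * so a value >= dev_size means the path was truncated; the caller should treat that
 * as an error instead of opening a mangled device path. */
bool build_device_path(char *dev, size_t dev_size, const char *port_name)
{
    int needed = snprintf(dev, dev_size, "\\\\.\\%s", port_name);
    if (needed < 0)
        return false;                      /* encoding error inside snprintf() */
    return (size_t)needed < dev_size;      /* false => truncated, reject the name */
}

/* Builds the path into a local DEVICE_PATH_MAX buffer and compares it with `expected`. */
bool formats_to(const char *port_name, const char *expected)
{
    char dev[DEVICE_PATH_MAX];
    if (!build_device_path(dev, sizeof dev, port_name))
        return false;
    return strcmp(dev, expected) == 0;
}

/* Reproduces the issue's oversized input: a port name of `name_len` 'x' characters
 * (up to the 10000 used in the proof of concept) and reports whether it fits. */
bool path_fits(size_t name_len)
{
    char dev[DEVICE_PATH_MAX];
    char name[10001];                      /* room for the 10000-character case */
    if (name_len > 10000)
        return false;
    memset(name, 'x', name_len);
    name[name_len] = '\0';
    return build_device_path(dev, sizeof dev, name);
}
```

With the bounded version the proof-of-concept input is rejected by the return value rather than corrupting the stack.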
Nice. Yes. There's also one on line 82.
I'll check for sprintf() use in POSIX.
Now found under POSIX. Confirmed working under Windows 7.