dangerous sprintf( ) usage found in win_serialport_impl.c

Question

dangerous sprintf( ) usage found in win_serialport_impl.c

asquared opened this issue 14 years ago · comments

The usage of sprintf( ) on lines 94 and 98 of win_serialport_impl.c is dangerous and can crash the Ruby interpreter. Conceivably, the stack buffer overflow could even be used to gain control of the ruby interpreter process. I've rewritten the code to use snprintf( ) instead, which eliminates the overflow possibility.

proof of concept:
H:>irb
irb(main):001:0> require 'serialport'
=> true
irb(main):002:0> s = SerialPort.new('x'*10000)

H:>

H. G. Parra · Answer 1 · Fri Jul 02 2010 12:42:11 GMT+0800 (China Standard Time)

Nice. Yes. There's also one on line 82.

H. G. Parra · Answer 2 · Sun Jul 18 2010 07:56:44 GMT+0800 (China Standard Time)

I'll check for sprintf() use in POSIX.

H. G. Parra · Answer 3 · Sun Jul 18 2010 08:00:21 GMT+0800 (China Standard Time)

Now found under POSIX. Confirmed working under Windows 7.