diff options
| author | Omair Majid <omajid@redhat.com> | 2019-04-25 19:40:19 -0400 |
|---|---|---|
| committer | Jan Kotas <jkotas@microsoft.com> | 2019-04-25 16:40:18 -0700 |
| commit | dea615bfbeff6b8769e6d162aea33862e676fadb (patch) | |
| tree | 736358f53d0c9fd31a84325ad9b2865b6cd92cda /src/corefx | |
| parent | 37957f427e324448152fb6e75795b876967cfe55 (diff) | |
| download | coreclr-dea615bfbeff6b8769e6d162aea33862e676fadb.tar.gz coreclr-dea615bfbeff6b8769e6d162aea33862e676fadb.tar.bz2 coreclr-dea615bfbeff6b8769e6d162aea33862e676fadb.zip | |
Null-terminate buffers that strncpy writes to (#24095)
It is possible that the string being copied is so large that strncpy
fills up the destination array and does not write any null characters to
it. That will lead to buffer overflows. Work around that by always
writing a null character at the end of the destination array.
Diffstat (limited to 'src/corefx')
| -rw-r--r-- | src/corefx/System.Globalization.Native/pal_calendarData.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/corefx/System.Globalization.Native/pal_calendarData.c b/src/corefx/System.Globalization.Native/pal_calendarData.c index 07f8a6f290..96336fced7 100644 --- a/src/corefx/System.Globalization.Native/pal_calendarData.c +++ b/src/corefx/System.Globalization.Native/pal_calendarData.c @@ -305,6 +305,8 @@ static int32_t EnumSymbols(const char* locale, char localeWithCalendarName[ULOC_FULLNAME_CAPACITY]; strncpy(localeWithCalendarName, locale, ULOC_FULLNAME_CAPACITY); + localeWithCalendarName[ULOC_FULLNAME_CAPACITY - 1] = 0; + uloc_setKeywordValue("calendar", GetCalendarName(calendarId), localeWithCalendarName, ULOC_FULLNAME_CAPACITY, &err); UCalendar* pCalendar = ucal_open(NULL, 0, localeWithCalendarName, UCAL_DEFAULT, &err); @@ -412,6 +414,7 @@ static int32_t EnumAbbrevEraNames(const char* locale, char* parentNamePtr = parentNameBuf; strncpy(localeNamePtr, locale, ULOC_FULLNAME_CAPACITY); + localeNamePtr[ULOC_FULLNAME_CAPACITY - 1] = 0; while (TRUE) { |