From 45780f2421eb63af78cd2e81ccab4217a3c361cf Mon Sep 17 00:00:00 2001 From: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:08:47 +0200 Subject: [PATCH] Proper size and initialisation for array `data` --- src/http.c | 20 ++++++++++++++++++-- tests/ci/checkpatch/checkpatch.pl | 0 2 files changed, 18 insertions(+), 2 deletions(-) mode change 100644 => 100755 tests/ci/checkpatch/checkpatch.pl diff --git a/src/http.c b/src/http.c index 4a202ae3..82d33d6e 100644 --- a/src/http.c +++ b/src/http.c @@ -639,7 +639,24 @@ int auth_log_in(struct tunnel *tunnel) char portal[64] = { '\0' }; char magic[32] = {'\0' }; char peer[32] = { '\0' }; - char data[9 + 3 * USERNAME_SIZE + 12 + 3 * PASSWORD_SIZE + 7 + 3 * REALM_SIZE + 7 + 1]; +#define OFV_MAX(a, b) ((a) > (b) ? a : b) + char data[OFV_MAX( + // username=%s&realm=%s&ajax=1&...&just_logged_in=1 + sizeof("username=") + + 3 * USERNAME_SIZE + + sizeof("realm=") + + 3 * REALM_SIZE + + sizeof("ajax=1&redir=%%2Fremote%%2Findex&just_logged_in=1"), + // "username=%s&credential=%s&realm=%s&ajax=1 + sizeof("username=") + + 3 * USERNAME_SIZE + + sizeof("realm=") + + 3 * REALM_SIZE + + sizeof("credential=") + + 3 * PASSWORD_SIZE + + sizeof("ajax=1") + )] = { '\0' }; +#undef OFV_MAX char token[128], tokenresponse[256], tokenparams[320]; char action_url[1024] = { '\0' }; char *res = NULL; @@ -651,7 +668,6 @@ int auth_log_in(struct tunnel *tunnel) tunnel->cookie[0] = '\0'; if (username[0] == '\0' && tunnel->config->password[0] == '\0') { - snprintf(data, sizeof(data), ""); ret = http_request(tunnel, "GET", "/remote/login", data, &res, &response_size); } else { diff --git a/tests/ci/checkpatch/checkpatch.pl b/tests/ci/checkpatch/checkpatch.pl old mode 100644 new mode 100755