New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

内存边界不为0,使用strlen读取长度不正确 #33

Open

ZHANGHSING opened this issue Jun 1, 2019 · 1 comment

ZHANGHSING commented Jun 1, 2019 •

edited by aozima

Loading

onenet_mqtt.c - L: 404

   *out_buff = ONENET_MALLOC(strlen(msg_str) + 3);
    if (!(*out_buff))
    {
        LOG_E("ONENET mqtt upload string data failed! No memory for send buffer!");
        return -RT_ENOMEM;
    }

    strncpy(&(*out_buff)[3], msg_str, strlen(msg_str));
    *length = strlen(&(*out_buff)[3]);

*length 如此使用strlen存在很大隐藏风险

HongWLiu commented May 26, 2021

软件包貌似一直没有更新，看来要学习下怎么提交PR。

# for free to join this conversation on GitHub. Already have an account? # to comment