Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Potential buffer overflow with bson_object_to_string #59

Open
jacobkeeler opened this issue Mar 30, 2022 · 0 comments
Open

Potential buffer overflow with bson_object_to_string #59

jacobkeeler opened this issue Mar 30, 2022 · 0 comments

Comments

@jacobkeeler
Copy link
Contributor

Created from smartdevicelink/sdl_core#3887

if string len >512 docString overflow

char *bson_object_to_string(BsonObject *obj, char *out) {
  //TODO just move the pointer rather than keep a position variable
  int position = 0;
  MapIterator iterator = emhashmap_iterator(&obj->data);
  MapEntry *current = emhashmap_iterator_next(&iterator);
  position += sprintf(out, "{ ");
  while (current != NULL) {
    BsonElement *element = (BsonElement *)current->value;
    position += sprintf(&out[position], "\"%s\":", current->key);
    switch (element->type) {
      case TYPE_DOCUMENT: {
        // docString overflow
        char docString[512];
        position += sprintf(&out[position], "%s", bson_object_to_string(bson_object_get_object(obj, current->key), docString));
        break;
      }

A length will need to be provided in this method in order to make sure that the buffer does not overflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant