length limit the sscanf() parsing to prevent buffer overflow

2024-11-21 01:16:58 +08:00 · 2004-06-24 12:07:36 +00:00 · 2004-06-24 12:07:36 +00:00 · 62f0457961
commit 62f0457961
parent 8879b57b73
1 changed files with 1 additions and 1 deletions
--- a/lib/telnet.c
+++ b/lib/telnet.c
@ -878,7 +878,7 @@ static void suboption(struct connectdata *conn)
        tmplen = (strlen(v->data) + 1);
        /* Add the variable only if it fits */
        if(len + tmplen < (int)sizeof(temp)-6) {
-          sscanf(v->data, "%127[^,],%s", varname, varval);
+          sscanf(v->data, "%127[^,],%127s", varname, varval);
          snprintf((char *)&temp[len], sizeof(temp) - len,
                   "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
                   CURL_NEW_ENV_VALUE, varval);