jcs
/subtext
/amendments
/305
session: Provide string length to sscanf in session_expand_var
jcs made amendment 305 about 1 year ago
--- session.c Thu Feb 16 17:23:19 2023
+++ session.c Mon Feb 20 15:51:08 2023
@@ -1242,7 +1242,7 @@ session_expand_var(struct session *session, char *ivar
*ret = (char *)&retval;
retlen = 0;
- if (sscanf(ivar, "%[^|]|%ld%n", var, &retsize, &count) == 2 &&
+ if (sscanf(ivar, "%128[^|]|%ld%n", &var, &retsize, &count) == 2 &&
count > 0) {
/* field of fixed length, either truncated or padded */
if (retsize > sizeof(retval))