On 10-Dec-18 10:06 AM, Jakub Grajciar wrote:
Signed-off-by: Jakub Grajciar <[email protected]>
---
As a general comment, some description/cover letter would have been nice.
+
+ memif_msg_disconnect_t *d = &e->msg.disconnect;
+
+ e->msg.type = MEMIF_MSG_TYPE_DISCONNECT;
+ d->code = err_code;
+
+ if (reason != NULL) {
+ strncpy((char *)d->string, reason, strlen(reason));
+ if (cc->pmd != NULL) {
+ strncpy(cc->pmd->local_disc_string, reason,
+ strlen(reason));
+ }
I haven't looked at the entire thing, this is just something that caught
my eye during quick skimming through code.
On the face of it, this looks dangerous - you're setting the destination
buffer size from source buffer size. What if `d->string` is shorter than
`reason`?
--
Thanks,
Anatoly
