Github user ted-ross commented on a diff in the pull request:

    https://github.com/apache/qpid-dispatch/pull/195#discussion_r139231310
  
    --- Diff: src/connection_manager.c ---
    @@ -633,7 +633,46 @@ qd_error_t qd_entity_refresh_listener(qd_entity_t* 
entity, void *impl)
     
     qd_error_t qd_entity_refresh_connector(qd_entity_t* entity, void *impl)
     {
    -    return QD_ERROR_NONE;
    +    qd_connector_t *ct = (qd_connector_t*) impl;
    +
    +    if (DEQ_SIZE(ct->conn_info_list) > 1) {
    +        qd_failover_item_list_t   conn_info_list = ct->conn_info_list;
    +
    +        qd_failover_item_t *item = DEQ_HEAD(conn_info_list);
    +
    +        //
    +        // As you can see we are skipping the head of the list. The
    +        // first item in the list is always the original connection 
information
    +        // and we dont want to display that information as part of the 
failover list.
    +        //
    +        char failover_info[250];
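Review bot: `char failover_info[250];` on the last line of the hunk is a fixed-size stack buffer with a magic-number length and no initializer, so every later write into it has to be bounded explicitly. Track the bytes used and write with snprintf at that offset, limited to `sizeof(failover_info) - used`, handle the truncation case, and replace 250 with a named constant or a size derived from the list. Separately, `qd_failover_item_list_t conn_info_list = ct->conn_info_list;` copies the list head by value only to read it; `DEQ_HEAD(ct->conn_info_list)` avoids the copy. The code comment also says the head is skipped while the visible lines only take `DEQ_HEAD`, so the skip should sit right next to that comment.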
    --- End diff --
    
    Having a fixed-length string and later using strcat (not strncat) causes 
this to be a buffer/stack overflow vulnerability.  Please ensure that the 
failover_info buffer cannot be overfilled.


---
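One bounded way to build such a list, as an added example that is not code from the pull request or from qpid-dispatch: the struct and function names are hypothetical, the entries are constructed sample data, and it assumes each entry is rendered as host:port.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one failover entry; not the qpid-dispatch type. */
typedef struct {
    const char *host;
    const char *port;
} failover_entry_t;

/*
 * Join entries[skip..count) as "host:port, host:port" into out[cap].
 * Returns the string length on success, or -1 if the result would not fit,
 * in which case out holds an empty string rather than a partial list.
 */
int format_failover_list(char *out, size_t cap,
                         const failover_entry_t *entries, size_t count, size_t skip)
{
    size_t used = 0;

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';

    for (size_t i = skip; i < count; i++) {
        /* snprintf writes at most cap - used bytes, terminator included. */
        int n = snprintf(out + used, cap - used, "%s%s:%s",
                         used ? ", " : "", entries[i].host, entries[i].port);
        if (n < 0 || (size_t) n >= cap - used) {
            out[0] = '\0';   /* would truncate: report it instead of overflowing */
            return -1;
        }
        used += (size_t) n;
    }
    return (int) used;
}

int main(void)
{
    /* Constructed sample data; index 0 plays the original connection. */
    const failover_entry_t list[] = {
        {"primary.example", "5672"}, {"backup1.example", "5672"}, {"backup2.example", "5671"},
    };
    char info[250];   /* same size as the buffer in the diff */
    char tiny[16];    /* deliberately too small */

    printf("%d %s\n", format_failover_list(info, sizeof info, list, 3, 1), info);
    printf("%d\n", format_failover_list(tiny, sizeof tiny, list, 3, 1));
    return 0;
}
```

The caller decides what a -1 means for the management attribute (omit it, log it, or allocate a larger buffer); the buffer is never written past `cap`.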
