fix off-by-one buffer overflows

[cfe_generate_password.git] / cfe_generate_password.c

diff --git a/cfe_generate_password.c b/cfe_generate_password.c
index 967543b..2e21b45 100644 (file)
--- a/cfe_generate_password.c
+++ b/cfe_generate_password.c
@@ -86,12 +86,12 @@ static void
 pr_error_exit(unsigned int usage, const char *error, ...)
 {
  va_list args;
- char error_message[MESSAGE_SIZE];
+ char error_message[MESSAGE_SIZE + 1];
 
  if (!error) return;
 
  va_start(args, error);
- (void) vsnprintf(error_message, MESSAGE_SIZE, error, args);
+ (void) vsnprintf(error_message, MESSAGE_SIZE + 1, error, args);
  va_end(args);
  fprintf(stderr, "Error: %s\n", error_message);
 
@@ -119,7 +119,7 @@ generate_seed(char *mac, char *timestamp, char *seed)
     size_t i;
     char *mac_ptr = mac + 9;
     size_t ts_len = strlen(timestamp);
-    for (i = 0; i <= SEED_SIZE; ++i) {
+    for (i = 0; i < SEED_SIZE; ++i) {
       /* if no timestamp assume CFE get_time() returned 0 and CFE g_pw_timestamp == 0x00000000 */
       if (i < 6)
           seed[i] = ts_len ? timestamp[i] : '0';
@@ -231,7 +231,8 @@ main(int argc, char **argv, char **env)
       if (! generate_pass(seed, password))
         pr_error_exit(0, "unable to generate password");
 
-    printf("MAC address: %s Timestamp: %s Seed: %s Password: %s\n", MAC_ADDR, timestamp, seed, password);
+    if (opt_seed || opt_pass)
+      printf("MAC address: %s Timestamp: %s Seed: %s Password: %s\n", MAC_ADDR, timestamp, seed, password);
   }
 
   return result;