From: Tj <hacker@iam.tj>
Date: Thu, 8 Oct 2015 00:27:40 +0000 (+0100)
Subject: fix off-by-one buffer overflows
X-Git-Tag: v1.2~2
X-Git-Url: https://iam.tj/gitweb/gitweb.cgi?p=cfe_generate_password.git;a=commitdiff_plain;h=8ab17a74059179e14b2960a79f284f49b4a0a940

fix off-by-one buffer overflows
---

diff --git a/cfe_generate_password.c b/cfe_generate_password.c
index 8746cd1..2e21b45 100644
--- a/cfe_generate_password.c
+++ b/cfe_generate_password.c
@@ -86,12 +86,12 @@ static void
 pr_error_exit(unsigned int usage, const char *error, ...)
 {
  va_list args;
- char error_message[MESSAGE_SIZE];
+ char error_message[MESSAGE_SIZE + 1];
 
  if (!error) return;
 
  va_start(args, error);
- (void) vsnprintf(error_message, MESSAGE_SIZE, error, args);
+ (void) vsnprintf(error_message, MESSAGE_SIZE + 1, error, args);
  va_end(args);
  fprintf(stderr, "Error: %s\n", error_message);
 
@@ -119,7 +119,7 @@ generate_seed(char *mac, char *timestamp, char *seed)
     size_t i;
     char *mac_ptr = mac + 9;
     size_t ts_len = strlen(timestamp);
-    for (i = 0; i <= SEED_SIZE; ++i) {
+    for (i = 0; i < SEED_SIZE; ++i) {
       /* if no timestamp assume CFE get_time() returned 0 and CFE g_pw_timestamp == 0x00000000 */
       if (i < 6)
           seed[i] = ts_len ? timestamp[i] : '0';