c++ overflow problem

mshindo · November 8, 2008, 7:29pm

I have come accross a rather strange problem with two buffers that seem to be overriding each other.

bool killSession(const Session &session){
//Get user
	FILE* fp = fopen("conf/sessions.current", "rt");
	char line[1024]; char user[1024]; int x = 0; int leaseTime;
	printf("key: %s \n" , session.macAddress);

	while(fgets(line, 1024, fp) != NULL){
			x++;	
			int id; char addr[1024];
			sscanf(line, "%i %s %s %i", &id, addr, user, &leaseTime);
			addr[17] = '\0';
			
			printf("key: %s \naddr: %s \n", session.macAddress, addr);
			
			if(strcmp(addr, session.macAddress) != 0){
				printf("mac address found in file: %s \n", line);
				int gid =  getGroupId(user);
				char* accessType =  checkAccessType(gid);
				//modifyFirewall(accessType, session.macAddress, 0);
				break;
			}
		}
	//Finally remove session from session.current
	deleteLine("conf/sessions.current", x);
	fclose(fp);
return true;
}

gives the output:

key: 00:13:A9:A5:5D:EF 
key: 00:10 fakesessionthat michael 1999999999
 
addr: fakesessionthat 
mac address found in file: 0 fakesessionthat michael 1999999999

From that output it would seem that in the while loop that reads the session file session.macAddress is getting replaced by a part of the line variable. Have I actually managed to buffer overflow my own program.

Can someone please explain how ive gone wrong.

Thankyou

Cheers

Spetsnaz · November 10, 2008, 4:20pm

Could you provide a few lines of conf/sessions.current ?

What does the 't' mode do by the way ?

migurus · November 10, 2008, 6:10pm

Without seeing input it is hard to guess, but one obvious problem is here:

char line[1024];
while(fgets(line, 1024, fp) != NULL){

This code does not account for the terminating \0

I would chage it to spmething like this:

while(fgets(line, sizeof(buf) - 1, fp) != NULL){