From 78cc408369bdbbd440196c93574098d1482efbce Mon Sep 17 00:00:00 2001 From: Noel Maersk Date: Thu, 5 Jun 2014 21:45:01 +0300 Subject: [PATCH] stratum: parse_reconnect(): treat pool-sent URL as untrusted. Thanks to Mick Ayzenberg for reminding that this existed and highlighting the offender. Also to Luke-jr for actually fixing this in bfgminer. :D --- util.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/util.c b/util.c index 77f20431..94154518 100644 --- a/util.c +++ b/util.c @@ -1718,15 +1718,14 @@ static void __suspend_stratum(struct pool *pool) static bool parse_reconnect(struct pool *pool, json_t *val) { - char *sockaddr_url, *stratum_port, *tmp; - char *url, *port, address[256]; - if (opt_disable_client_reconnect) { - applog(LOG_WARNING, "Stratum client.reconnect forbidden, aborting."); + applog(LOG_WARNING, "Stratum client.reconnect received but is disabled, not reconnecting."); return false; } - memset(address, 0, 255); + char *url, *port, address[256]; + char *sockaddr_url, *stratum_port, *tmp; /* Tempvars. */ + url = (char *)json_string_value(json_array_get(val, 0)); if (!url) url = pool->sockaddr_url; @@ -1735,8 +1734,7 @@ static bool parse_reconnect(struct pool *pool, json_t *val) if (!port) port = pool->stratum_port; - sprintf(address, "%s:%s", url, port); - + snprintf(address, sizeof(address), "%s:%s", url, port); if (!extract_sockaddr(address, &sockaddr_url, &stratum_port)) return false;