From ef0f3c32888165c1a39b078f23ce7e1fc57fec66 Mon Sep 17 00:00:00 2001

From: Nalin Dahyabhai <nalin@redhat.com>

Date: Wed, 15 Jun 2016 15:56:38 -0400

Subject: [PATCH] getcert: fix a potential out-of-bounds

In getcert, fix a potential out-of-bounds write while gathering

parameters to send to the daemon as part of an "add_request" API

request, present since 20a6536febf0815d0b3d301133820a46fdd6ef21.

---

 src/getcert.c | 8 ++++----

 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/getcert.c b/src/getcert.c

index cfa36fb1a7ea16c9c9bacc8f40360efa594b7830..c84273a9bfc8730422f18ade87ce174fbbc44634 100644

--- a/src/getcert.c

+++ b/src/getcert.c

@@ -1499,8 +1499,8 @@ add_basic_request(enum cm_tdbus_type bus, char *id,

 {

 	DBusMessage *req, *rep;

 	int i;

-	struct cm_tdbusm_dict param[25];

-	const struct cm_tdbusm_dict *params[26];

+	struct cm_tdbusm_dict param[26];

+	const struct cm_tdbusm_dict *params[27];

 	dbus_bool_t b;

 	const char *capath;

 	char *p;

@@ -1738,8 +1738,8 @@ set_tracking(const char *argv0, const char *category,

 	enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;

 	DBusMessage *req, *rep;

 	const char *request, *capath;

-	struct cm_tdbusm_dict param[25];

-	const struct cm_tdbusm_dict *params[26];

+	struct cm_tdbusm_dict param[26];

+	const struct cm_tdbusm_dict *params[27];

 	char *nss_scheme, *dbdir = NULL, *token = NULL, *nickname = NULL;

 	char **anchor_dbs = NULL, **anchor_files = NULL;

 	char *id = NULL, *new_id = NULL, *new_request;

-- 

2.9.0