Home Explore Help
Sign In
SMusatov
/
netdata
mirror of https://github.com/netdata/netdata.git
1
0
Fork 0
Files Wiki
Browse Source

Prevent memory corruption during ACLK OTP decode (#18863)

Allocate large enough buffer to prevent buffer overrun
Stelios Fragkakis 4 months ago
parent
4353dd7d49
commit
dcdd994bfa
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/aclk/aclk_otp.c

+ 1 - 1
src/aclk/aclk_otp.c
View File 

@@ -324,7 +324,7 @@ int aclk_get_otp_challenge(url_t *target, const char *agent_id, unsigned char **
 
         goto cleanup_json;
 
     }
 
 
-    *challenge = mallocz(CHALLENGE_LEN);
 
+    *challenge = mallocz((CHALLENGE_LEN_BASE64 / 4) * 3 + 1);
 
     *challenge_bytes = netdata_base64_decode(*challenge, (const unsigned char *) challenge_base64, CHALLENGE_LEN_BASE64);
 
 
     if (*challenge_bytes != CHALLENGE_LEN) {