diff options
| author | Sebastian Falbesoner <sebastian.falbesoner@gmail.com> | 2020-10-22 03:05:11 +0200 |
|---|---|---|
| committer | Sebastian Falbesoner <sebastian.falbesoner@gmail.com> | 2020-10-22 03:39:55 +0200 |
| commit | 56a461f72796ca60de28e78f144741eb1a4f5213 (patch) | |
| tree | e22562f010dbc8f0846187e4ef9447f7ec68d9d8 /src/wallet | |
| parent | dda18e7310a202a8aa46c95279446131659f91c5 (diff) | |
| download | bitcoin-56a461f72796ca60de28e78f144741eb1a4f5213.tar.xz | |
wallet: fix buffer over-read in SQLite file magic check
If there is no terminating zero within the 16 magic bytes, the buffer would be
over-read in the std::string constructor. Fixed by using the "from buffer"
variant of the ctor (that also takes a size) rather than the "from c-string"
variant.
Diffstat (limited to 'src/wallet')
| -rw-r--r-- | src/wallet/sqlite.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wallet/sqlite.cpp b/src/wallet/sqlite.cpp index 02a161ecbd..6d2fdbe58b 100644 --- a/src/wallet/sqlite.cpp +++ b/src/wallet/sqlite.cpp @@ -619,8 +619,8 @@ bool IsSQLiteFile(const fs::path& path) file.close(); // Check the magic, see https://sqlite.org/fileformat2.html - std::string magic_str(magic); - if (magic_str != std::string("SQLite format 3")) { + std::string magic_str(magic, 16); + if (magic_str != std::string("SQLite format 3", 16)) { return false; } |