Verify the injection error buffer is null-termined.

author Jay Freeman (saurik) <saurik@saurik.com>

Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)

committer Jay Freeman (saurik) <saurik@saurik.com>

Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
author Jay Freeman (saurik) <saurik@saurik.com>
Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
committer Jay Freeman (saurik) <saurik@saurik.com>
Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
diff --git a/Mach/Inject.cpp b/Mach/Inject.cpp

index 6ca0378b85075411ac5d2d4591173b6c57003679..7d805992c09c31a88515e0aa3b648b395f5cf0e6 100644 (file)
--- a/Mach/Inject.cpp
+++ b/Mach/Inject.cpp
@@ -292,8 +292,11 @@ void InjectLibrary(pid_t pid) {
      mach_vm_size_t error(sizeof(baton->error));
      _krncall(mach_vm_read_overwrite(task, data + offsetof(Baton, error), sizeof(baton->error), reinterpret_cast<mach_vm_address_t>(&baton->error), &error));
      _assert(error == sizeof(baton->error));
      mach_vm_size_t error(sizeof(baton->error));
      _krncall(mach_vm_read_overwrite(task, data + offsetof(Baton, error), sizeof(baton->error), reinterpret_cast<mach_vm_address_t>(&baton->error), &error));
      _assert(error == sizeof(baton->error));
-    if (baton->error[0] != '\0')
+
+    if (baton->error[0] != '\0') {
+        baton->error[sizeof(baton->error) - 1] = '\0';
          CYThrow("%s", baton->error);
          CYThrow("%s", baton->error);
+    }
  
      _krncall(mach_vm_deallocate(task, code, trampoline->size_));
      _krncall(mach_vm_deallocate(task, stack, size));
  
      _krncall(mach_vm_deallocate(task, code, trampoline->size_));
      _krncall(mach_vm_deallocate(task, stack, size));
author	Jay Freeman (saurik) <saurik@saurik.com>
	Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)
committer	Jay Freeman (saurik) <saurik@saurik.com>
	Tue, 11 Mar 2014 22:33:35 +0000 (15:33 -0700)