wallet: fix buffer over-read in SQLite file magic check

theStack · theStack · commit 56a461f72796 · 2020-10-22T03:39:55.000+02:00
If there is no terminating zero within the 16 magic bytes, the buffer would be
over-read in the std::string constructor. Fixed by using the "from buffer"
variant of the ctor (that also takes a size) rather than the "from c-string"
variant.
diff --git a/src/wallet/sqlite.cpp b/src/wallet/sqlite.cpp
@@ -619,8 +619,8 @@ bool IsSQLiteFile(const fs::path& path)
     file.close();
 
     // Check the magic, see https://sqlite.org/fileformat2.html
-    std::string magic_str(magic);
-    if (magic_str != std::string("SQLite format 3")) {
+    std::string magic_str(magic, 16);
+    if (magic_str != std::string("SQLite format 3", 16)) {
         return false;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -619,8 +619,8 @@ bool IsSQLiteFile(const fs::path& path)`
`619`	`619`	`file.close();`
`620`	`620`
`621`	`621`	`// Check the magic, see https://sqlite.org/fileformat2.html`
`622`		`- std::string magic_str(magic);`
`623`		`- if (magic_str != std::string("SQLite format 3")) {`
	`622`	`+ std::string magic_str(magic, 16);`
	`623`	`+ if (magic_str != std::string("SQLite format 3", 16)) {`
`624`	`624`	`return false;`
`625`	`625`	`}`
`626`	`626`