[Cryptech-Commits] [user/ft/libcli] 03/03: cli_parse_line: fix buffer overflow in word tokenization
git at cryptech.is
git at cryptech.is
Tue May 31 13:09:26 UTC 2016
This is an automated email from the git hooks/post-receive script.
fredrik at thulin.net pushed a commit to branch master
in repository user/ft/libcli.
commit 86814a2c11edd161e6611cf2f7764030eae1d565
Author: Fredrik Thulin <fredrik at thulin.net>
AuthorDate: Tue May 31 10:31:27 2016 +0200
cli_parse_line: fix buffer overflow in word tokenization
---
libcli.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/libcli.c b/libcli.c
index d97b304..730a8ab 100644
--- a/libcli.c
+++ b/libcli.c
@@ -512,16 +512,19 @@ static int cli_parse_line(const char *line, char *words[], int max_words)
if (!*p || *p == inquote || (word_start && !inquote && (isspace((unsigned char) *p) || *p == '|')))
{
if (word_start)
- {
- int len = p - word_start;
+ {
+ int len = p - word_start;
- if (len > 1)
- {
- memcpy(ptr, word_start, len);
- words[nwords++] = ptr;
- ptr += len + 1; /* buf is memset zero, so we just need to add +1 to get a null terminated word */
- }
- }
+ if (len > 1)
+ {
+ if ((ptr + len + 1) > buf + sizeof(buf) - 1) break;
+
+ memcpy(ptr, word_start, len);
+ words[nwords++] = ptr;
+ ptr += len;
+ ptr++; /* NULL terminate through memset above */
+ }
+ }
if (!*p)
break;
@@ -543,9 +546,12 @@ static int cli_parse_line(const char *line, char *words[], int max_words)
{
if (*p == '|')
{
+ if ((ptr + 1 + 1) > buf + sizeof(buf) - 1) break;
+
*ptr = '|';
words[nwords++] = ptr;
- ptr += 1 + 1; /* buf is memset zero, so we just need to add +1 to get a null terminated word */
+ ptr += strlen("|");
+ ptr++; /* NULL terminate through memset above */
}
else if (!isspace((unsigned char) *p))
word_start = p;
More information about the Commits
mailing list