diff options
author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2016-11-21 20:52:55 +0100 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2018-03-24 23:36:51 -0700 |
commit | 509b0b9f6e3a40e23e0606eb9a976b28ddd9af6d (patch) | |
tree | e982e388f63292dde1a5257ab460a4fa1daa3e21 | |
parent | e994aca370f6148f692a4ab9794daa8a522e37db (diff) |
Fix segmentation fault on invalid input.
The 'add' command leads to a segmentation fault on invalid input.
Two arguments to 'add' can be quoted, but the quotation check does not
properly parse a single double quote:
$ echo 'add 0 " 0 0 0' | iceauth
Segmentation fault
$ _
This happens because the code does not properly check if the argument
consists of just one quote. Technically, it is true that the first
and the last characters are double quotes. Therefore it also takes a
check to verify that the length of the string is at least 2.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | process.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1286,7 +1286,8 @@ static int do_add ( protodata_len = strlen (protodata_hex); if (protodata_len > 0) { - if (protodata_hex[0] == '"' && protodata_hex[protodata_len - 1] == '"') + if (protodata_len > 1 && + protodata_hex[0] == '"' && protodata_hex[protodata_len - 1] == '"') { protodata = malloc (protodata_len - 1); if (protodata) @@ -1311,7 +1312,8 @@ static int do_add ( } authdata_len = strlen (authdata_hex); - if (authdata_hex[0] == '"' && authdata_hex[authdata_len - 1] == '"') + if (authdata_len > 1 && + authdata_hex[0] == '"' && authdata_hex[authdata_len - 1] == '"') { authdata = malloc (authdata_len - 1); if (authdata) |