| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171218191546.29122-1-stephen@networkplumber.org>
Date: Mon, 18 Dec 2017 11:15:46 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Cc: Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH] utils: fix makeargs stack overflow
The makeargs() function did not handle end of string correctly
and would reference past end of string.
Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
lib/utils.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/utils.c b/lib/utils.c
index 7ced8c061cb0..df1f3b1238c0 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1206,10 +1206,16 @@ ssize_t getcmdline(char **linep, size_t *lenp, FILE *in)
int makeargs(char *line, char *argv[], int maxargs)
{
static const char ws[] = " \t\r\n";
- char *cp;
+ char *cp = line;
int argc = 0;
- for (cp = line + strspn(line, ws); *cp; cp += strspn(cp, ws)) {
+ while (*cp) {
+ /* skip leading whitespace */
+ cp += strspn(cp, ws);
+
+ if (*cp == '\0')
+ break;
+
if (argc >= (maxargs - 1)) {
fprintf(stderr, "Too many arguments to command\n");
exit(1);
@@ -1226,13 +1232,16 @@ int makeargs(char *line, char *argv[], int maxargs)
fprintf(stderr, "Unterminated quoted string\n");
exit(1);
}
- *cp++ = 0;
- continue;
+ } else {
+ argv[argc++] = cp;
+
+ /* find end of word */
+ cp += strcspn(cp, ws);
+ if (*cp == '\0')
+ break;
}
- argv[argc++] = cp;
- /* find end of word */
- cp += strcspn(cp, ws);
+ /* seperate words */
*cp++ = 0;
}
argv[argc] = NULL;
--
2.11.0
Powered by blists - more mailing lists