Skip to content

Commit

Permalink
Fix buffer overflow if NULL line is present in db.
Browse files Browse the repository at this point in the history 
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
  • Loading branch information
@t8m
t8m committed Mar 31, 2017
1 parent 830ae26 commit 954e3d2
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions lib/commonio.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
&& (NULL != ptr->line)
&& ( ('+' != ptr->line[0])
&& ('-' != ptr->line[0]))
&& ((NULL == ptr->line)
|| (('+' != ptr->line[0])
&& ('-' != ptr->line[0])))
#endif
;
ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
if ((NULL != ptr) && (NULL != ptr->line)) {
if (NULL != ptr) {
nis = ptr;
}
#endif
Expand Down

1 comment on commit 954e3d2

@setharnold
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use CVE-2017-12424.

Please sign in to comment.