Added check to ensure we're not matching zero length strings

twilio · Oct 22, 2015 · 575977e · 575977e
1 parent c441216
commit 575977e
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/authy_api.c b/src/authy_api.c
@@ -177,7 +177,9 @@ tokenResponseIsValid(char *pszResponse)
      shouldn't be the last one because it won't be a key */
   for (cnt = 0; cnt < 19; cnt++)
   {
-    if(strncmp(pszResponse + (tokens[cnt]).start, "token", (tokens[cnt]).end - (tokens[cnt]).start) == 0)
+    /* avoid matching empty strings since "" == "" */
+    int len = (tokens[cnt]).end - (tokens[cnt]).start;
+    if(len > 0 && strncmp(pszResponse + (tokens[cnt]).start, "token", len) == 0)
     {
       if(strncmp(pszResponse + (tokens[cnt+1]).start, "is valid", (tokens[cnt+1]).end - (tokens[cnt+1]).start) == 0){
         return TRUE;