Fix a buffer overflow.

This is only the minimum workaround to prevent buffer overflow:
Stop iterating once the (fixed!) size of the output buffers is
reached. In response to
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317

However, this code is a huge mess anyway and is in no way
anything like up-to-date C++ code. Please, anyone, replace it
with something more modern. Thanks.
cstim committed Sep 17, 2017
1 parent f589f0a commit a70934eea95c76a7737b83773bffe8738935082d
Showing with 11 additions and 4 deletions.
  1. +11 −4 lib/ofx_preproc.cpp
@@ -417,7 +417,6 @@ int ofx_proc_file(LibofxContextPtr ctx, const char * p_filename)
string sanitize_proprietary_tags(string input_string)
{
unsigned int i;
size_t input_string_size;
bool strip = false;
bool tag_open = false;
int tag_open_idx = 0; //Are we within < > ?
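Review bot: `unsigned int i;` at the top of `sanitize_proprietary_tags` stays an `unsigned int` while the length it is compared against in the loop is a `size_t`; declaring `i` as `size_t` (or declaring it in the `for` statement) would remove the mixed-width comparison. The trailing comment `//Are we within < > ?` sits on `tag_open_idx` but reads as a description of `tag_open`, so it is worth moving while these declarations are being touched.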
@@ -438,9 +437,17 @@ string sanitize_proprietary_tags(string input_string)
close_tagname[i] = 0;
}
input_string_size = input_string.size();
for (i = 0; i < input_string_size; i++)
size_t input_string_size = input_string.size();
// Minimum workaround to prevent buffer overflow: Stop iterating
// once the (fixed!) size of the output buffers is reached. In
// response to
// https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
//
// However, this code is a huge mess anyway and is in no way
// anything like up-to-date C++ code. Please, anyone, replace it
// with something more modern. Thanks. - cstim, 2017-09-17.
for (i = 0; i < std::min(input_string_size, size_t(READ_BUFFER_SIZE)); i++)
{
if (input_string.c_str()[i] == '<')
{
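Review bot: The new loop bound `std::min(input_string_size, size_t(READ_BUFFER_SIZE))` stops iterating at the buffer size, but anything in `input_string` past that point is then never scanned and nothing signals that the input was cut short; consider logging a warning or returning an error when `input_string_size` exceeds `READ_BUFFER_SIZE`. The buffer declarations are outside this hunk, so please confirm that an index of `READ_BUFFER_SIZE - 1` still leaves room for any terminator written after it (the `close_tagname[i] = 0;` line above suggests NUL-terminated char arrays); if not, the bound should be `READ_BUFFER_SIZE - 1`. The hunk also does not show an `#include <algorithm>` for `std::min`, and the block comment repeats the commit message verbatim, where one line with the report URL would be enough.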
