
Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
1 parent 830ae26 commit 954e3d2e7113e9ac06632aee3c69b8d818cc8952 @t8m t8m committed Mar 31, 2017
Showing with 4 additions and 4 deletions.
  1. +4 −4 lib/commonio.c
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
- && (NULL != ptr->line)
- && ( ('+' != ptr->line[0])
- && ('-' != ptr->line[0]))
+ && ((NULL == ptr->line)
+ || (('+' != ptr->line[0])
+ && ('-' != ptr->line[0])))
#endif
;
ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
- if ((NULL != ptr) && (NULL != ptr->line)) {
+ if (NULL != ptr) {
nis = ptr;
}
#endif
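Review bot: The rewritten loop condition `(NULL == ptr->line) || ...` carries the whole fix but has no comment, so a later cleanup could easily restore the `NULL != ptr->line` guard that ended the count early. Add a short comment above the `#if KEEP_NIS_AT_END` block stating that entries with a NULL line are counted as ordinary (non-NIS) entries so that `n` agrees with what the following cycle writes into the entries buffer. That second cycle is outside this hunk, so the patch still relies on the two cycles keeping identical stop conditions; bounding the fill by `n` explicitly (or asserting on the index) would stop any future mismatch from writing past the allocation. The comparator passed as `cmp` will now see entries whose `line` is NULL inside the sorted range, and it is worth confirming that every caller's comparator tolerates them. The simplification to `if (NULL != ptr)` is sound: with the new condition the loop can only stop on a non-NULL `ptr` whose `line` is non-NULL and begins with '+' or '-'.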

1 comment on commit 954e3d2

Use CVE-2017-12424.
