Permalink
Browse files

Fix buffer overflow if NULL line is present in db.

If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
  • Loading branch information...
t8m committed Mar 31, 2017
1 parent 830ae26 commit 954e3d2e7113e9ac06632aee3c69b8d818cc8952
Showing with 4 additions and 4 deletions.
  1. +4 −4 lib/commonio.c
View
@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
for (ptr = db->head;
(NULL != ptr)
#if KEEP_NIS_AT_END
&& (NULL != ptr->line)
&& ( ('+' != ptr->line[0])
&& ('-' != ptr->line[0]))
&& ((NULL == ptr->line)
|| (('+' != ptr->line[0])
&& ('-' != ptr->line[0])))
#endif
;
ptr = ptr->next) {
n++;
}
#if KEEP_NIS_AT_END
if ((NULL != ptr) && (NULL != ptr->line)) {
if (NULL != ptr) {
nis = ptr;
}
#endif

1 comment on commit 954e3d2

@setharnold

This comment has been minimized.

Show comment
Hide comment
@setharnold

setharnold Aug 4, 2017

Use CVE-2017-12424.

setharnold commented on 954e3d2 Aug 4, 2017

Use CVE-2017-12424.

Please sign in to comment.