Preventing buffer underread with empty RRIP SL component. Debian bug 872475. Thanks Jakub Wilk and American Fuzzy Lop.

Thomas Schmitt 2017-08-18 10:56:59 +02:00
parent 860a91dd2f
commit 36c8800ff3
1 changed files with 7 additions and 1 deletions


@ -388,12 +388,18 @@ int read_rr_SL(struct susp_sys_user_entry *sl, char **dest, int *cont)
if (*cont == 1) { if (*cont == 1) {
/* new component */ /* new component */
size_t size = strlen(*dest); size_t size = strlen(*dest);
int has_slash;
*dest = realloc(*dest, strlen(*dest) + len + 2); *dest = realloc(*dest, strlen(*dest) + len + 2);
if (*dest == NULL) { if (*dest == NULL) {
return ISO_OUT_OF_MEM; return ISO_OUT_OF_MEM;
} }
/* it is a new compoenent, add the '/' */ /* it is a new compoenent, add the '/' */
if ((*dest)[size-1] != '/') { has_slash = 0;
if (size > 0)
if ((*dest)[size - 1] == '/')
has_slash = 1;
if (!has_slash) {
(*dest)[size] = '/'; (*dest)[size] = '/';
(*dest)[size+1] = '\0'; (*dest)[size+1] = '\0';
} }
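Review bot: The `*dest = realloc(*dest, strlen(*dest) + len + 2);` line kept as context near the top of this hunk overwrites the caller's pointer with NULL when realloc fails, so the old buffer can no longer be freed through `*dest` once `ISO_OUT_OF_MEM` is returned. Assign to a temporary first and reuse the length already held in `size`: `char *tmp = realloc(*dest, size + len + 2);`, `if (tmp == NULL) return ISO_OUT_OF_MEM;`, `*dest = tmp;`. The new guard could also be a single assignment instead of two nested unbraced `if`s: `has_slash = (size > 0 && (*dest)[size - 1] == '/');`. With `size == 0` the branch still stores '/' at index 0, so an empty previous component appears to yield a target that begins with '/'; if that is the intended result for such SL entries a short comment saying so would help, otherwise rejecting the entry may be the safer choice. That depends on code outside the hunk, since read_rr_SL starts and ends beyond it.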