libburnia/libisofs
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Preventing buffer underread with empty RRIP SL component. Debian bug 872475. Thanks Jakub Wilk and American Fuzzy Lop.

Browse Source
This commit is contained in:
Thomas Schmitt 2017-08-18 10:56:59 +02:00
parent 860a91dd2f
commit 36c8800ff3
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libisofs/rockridge_read.c
View File

@ -388,12 +388,18 @@ int read_rr_SL(struct susp_sys_user_entry *sl, char **dest, int *cont)
if (*cont == 1) { if (*cont == 1) {
/* new component */ /* new component */
size_t size = strlen(*dest); size_t size = strlen(*dest);
int has_slash;
*dest = realloc(*dest, strlen(*dest) + len + 2); *dest = realloc(*dest, strlen(*dest) + len + 2);
if (*dest == NULL) { if (*dest == NULL) {
return ISO_OUT_OF_MEM; return ISO_OUT_OF_MEM;
} }
/* it is a new compoenent, add the '/' */ /* it is a new compoenent, add the '/' */
if ((*dest)[size-1] != '/') { has_slash = 0;
if (size > 0)
if ((*dest)[size - 1] == '/')
has_slash = 1;
if (!has_slash) {
(*dest)[size] = '/'; (*dest)[size] = '/';
(*dest)[size+1] = '\0'; (*dest)[size+1] = '\0';
} }