Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libterminfo off-by-one in memcpy. Found by ASAN (Carsten...
details: https://anonhg.NetBSD.org/src/rev/a612f5d14328
branches: trunk
changeset: 349121:a612f5d14328
user: christos <christos%NetBSD.org@localhost>
date: Thu Nov 24 17:09:55 2016 +0000
description:
off-by-one in memcpy. Found by ASAN (Carsten Kunze)
XXX: pullup 7.
diffstat:
lib/libterminfo/term.c | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
diffs (56 lines):
diff -r 5253a742dc44 -r a612f5d14328 lib/libterminfo/term.c
--- a/lib/libterminfo/term.c Thu Nov 24 14:49:08 2016 +0000
+++ b/lib/libterminfo/term.c Thu Nov 24 17:09:55 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: term.c,v 1.19 2015/11/26 01:03:22 christos Exp $ */
+/* $NetBSD: term.c,v 1.20 2016/11/24 17:09:55 christos Exp $ */
/*
* Copyright (c) 2009, 2010, 2011 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: term.c,v 1.19 2015/11/26 01:03:22 christos Exp $");
+__RCSID("$NetBSD: term.c,v 1.20 2016/11/24 17:09:55 christos Exp $");
#include <sys/stat.h>
@@ -78,12 +78,13 @@
size_t len;
TERMUSERDEF *ud;
+ if (caplen == 0)
+ goto out;
ver = *cap++;
+ caplen--;
/* Only read version 1 structures */
- if (ver != 1) {
- errno = EINVAL;
- return -1;
- }
+ if (ver != 1)
+ goto out;
if (allocset(&term->flags, 0, TIFLAGMAX + 1, sizeof(*term->flags)) == -1)
@@ -226,8 +227,7 @@
cap += len;
break;
default:
- errno = EINVAL;
- return -1;
+ goto out;
}
}
} else {
@@ -239,6 +239,9 @@
}
return 1;
+out:
+ errno = EINVAL;
+ return -1;
}
static int
Home |
Main Index |
Thread Index |
Old Index