commit ad73be052759c9472bcd1b871bd402eacf80da78
parent 628b8661ef57c9d5badd1a808482f88a31c4da4d
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue, 12 May 2020 20:22:22 +0200
fix string length calculation overflow in quote() helper
Diffstat:
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
@@ -1659,7 +1659,7 @@ tryutmpx.c compile load qtmp.h1 qtmp.h2
rm -f tryutmpx.o tryutmpx
quote.o: \
-compile quote.c stralloc.h gen_alloc.h str.h quote.h
+compile quote.c stralloc.h gen_alloc.h str.h quote.h oflops.h error.h
./compile quote.c
rcpthosts.o: \
diff --git a/quote.c b/quote.c
@@ -1,3 +1,5 @@
+#include "error.h"
+#include "oflops.h"
#include "stralloc.h"
#include "str.h"
#include "quote.h"
@@ -23,8 +25,15 @@ stralloc *sain;
char ch;
int i;
int j;
+ unsigned int nlen;
- if (!stralloc_ready(saout,sain->len * 2 + 2)) return 0;
+ /* make sure the size calculation below does not overflow */
+ if (__builtin_mul_overflow(sain->len, 2, &nlen) ||
+ __builtin_add_overflow(nlen, 2, &nlen)) {
+ errno = error_nomem;
+ return 0;
+ }
+ if (!stralloc_ready(saout,nlen)) return 0;
j = 0;
saout->s[j++] = '"';
for (i = 0;i < sain->len;++i)
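Review bot: The counters `i` and `j` remain `int` while the new bound `nlen` is `unsigned int`, so the added check still accepts lengths whose doubled size fits in `unsigned int` but exceeds `INT_MAX`. For such input, `saout->s[j++]` would eventually overflow a signed counter, which is undefined behaviour and can yield a negative index, and `i < sain->len` appears to compare signed with unsigned. Whether `stralloc_ready` can actually satisfy a request that large is not visible here. Declaring them as `unsigned int i;` and `unsigned int j;`, or additionally rejecting `nlen > INT_MAX` in the new guard, would make the check match how the buffer is indexed. The function starts before this hunk and the loop body continues past it, so the later uses of `j` need the same review.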