diff options
| author | Jo-Philipp Wich | 2020-04-01 10:41:37 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich | 2020-04-01 11:21:35 +0000 |
| commit | 206ebaea2cd547fbc180d61279bfd2e80a0dc3dd (patch) | |
| tree | ea6dbaf2fe28fb8f73acff74def0760041fd51de | |
| parent | c09fe2098718807ddbca13ee36e3e38801822946 (diff) | |
| download | opkg-lede-206ebaea2cd547fbc180d61279bfd2e80a0dc3dd.tar.gz | |
file_util.c: fix possible bad memory access in file_read_line_alloc()
In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.
Avoid this case by checking that the string has a length of at least one
byte. Also change the unsigned int types to size_t to store length values
while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rw-r--r-- | libopkg/file_util.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/libopkg/file_util.c b/libopkg/file_util.c index 7e955ed..c0acec3 100644 --- a/libopkg/file_util.c +++ b/libopkg/file_util.c @@ -59,17 +59,14 @@ int file_is_dir(const char *file_name) */ char *file_read_line_alloc(FILE * fp) { + size_t buf_len, line_size; char buf[BUFSIZ]; - unsigned int buf_len; char *line = NULL; - unsigned int line_size = 0; int got_nl = 0; - buf[0] = '\0'; - while (fgets(buf, BUFSIZ, fp)) { buf_len = strlen(buf); - if (buf[buf_len - 1] == '\n') { + if (buf_len > 0 && buf[buf_len - 1] == '\n') { buf_len--; buf[buf_len] = '\0'; got_nl = 1; |