diff options
| author |   jsg <jsg@openbsd.org> | 2017-04-09 02:40:24 +0000 |
|---|---|---|
| committer | jsg <jsg@openbsd.org> | 2017-04-09 02:40:24 +0000 |
| commit | 00b5450230ae9da4eb7efa326b0ff6ea7af92b0c (patch) | |
| tree | d0618ba89ca4bdee7930d8ff1c4aa6726005e4f4 | |
| parent | snprintf() format string should be literal (diff) | |
| download | wireguard-openbsd-00b5450230ae9da4eb7efa326b0ff6ea7af92b0c.tar.xz wireguard-openbsd-00b5450230ae9da4eb7efa326b0ff6ea7af92b0c.zip | |
Fix multiple cases of reading past the end of a buffer in the sasyncd(8)
config parser found with afl.
feedback and ok millert@ ok deraadt@
| -rw-r--r-- | usr.sbin/sasyncd/conf.y | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.sbin/sasyncd/conf.y b/usr.sbin/sasyncd/conf.y index 5be15a4e5e7..868063c1f5b 100644 --- a/usr.sbin/sasyncd/conf.y +++ b/usr.sbin/sasyncd/conf.y @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.y,v 1.18 2015/08/20 22:39:29 deraadt Exp $ */ +/* $OpenBSD: conf.y,v 1.19 2017/04/09 02:40:24 jsg Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -293,8 +293,10 @@ yylex(void) if (!confptr) confptr = confbuf; else { - for (p = confptr; *p && p < confbuf + conflen; p++) + for (p = confptr; p < confbuf + conflen && *p; p++) ; + if (p == confbuf + conflen) + return 0; p++; if (!*p) return 0; @@ -389,7 +391,7 @@ conf_parse_file(char *cfgfile) /* Prepare the buffer somewhat in the way of strsep() */ buf[conflen] = (char)0; - for (s = buf, d = s; *s && s < buf + conflen; s++) { + for (s = buf, d = s; s < buf + conflen && *s; s++) { if (isspace(*s) && isspace(*(s+1))) continue; if (*s == '#') { |