fixed potential buffer overflow discovered by Fernando Arnaboldi of IOActive
authorMichael Rash <mbr@cipherdyne.org>
Sun, 2 Sep 2012 03:37:03 +0000 (23:37 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 2 Sep 2012 03:37:03 +0000 (23:37 -0400)
server/access.c

index 280e702..5778c01 100644 (file)
@@ -501,6 +501,12 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
             while(isspace(*start))
                 start++;
 
+            if(((ndx-start)+1) >= 1024)
+            {
+                fprintf(stderr, "Fatal str->list too long");
+                exit(EXIT_FAILURE);
+            }
+
             strlcpy(buf, start, (ndx-start)+1);
             add_string_list_ent(stlist, buf);
             start = ndx+1;
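Review bot: The bound in `if(((ndx-start)+1) >= 1024)` is a bare literal, repeated in the second hunk before the final-entry copy; `buf` is declared outside both hunks, so presumably 1024 is its size, but nothing ties the guard to that declaration. Because `strlcpy(buf, start, (ndx-start)+1)` passes the source length rather than the destination size, this guard is the only thing bounding the write, and it would silently stop protecting the copy if `buf` were ever resized. If `buf` is a local array, deriving the limit from it keeps the two in step and also rejects a negative difference: `if((size_t)(ndx-start) >= sizeof(buf))`. The message has no trailing newline and does not say which entry was rejected; `"Fatal str->list too long\n"` at minimum. The body of expand_acc_string_list starts and ends outside these hunks.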
@@ -512,6 +518,12 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
     while(isspace(*start))
         start++;
 
+    if(((ndx-start)+1) >= 1024)
+    {
+        fprintf(stderr, "Fatal str->list too long");
+        exit(EXIT_FAILURE);
+    }
+
     strlcpy(buf, start, (ndx-start)+1);
 
     add_string_list_ent(stlist, buf);