Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libedit From Yuichiro Naito (FreeBSD):
details: https://anonhg.NetBSD.org/src/rev/a830e3dadb89
branches: trunk
changeset: 837259:a830e3dadb89
user: christos <christos%NetBSD.org@localhost>
date: Sun Nov 25 16:21:04 2018 +0000
description:
>From Yuichiro Naito (FreeBSD):
hrs@ says that
(cbp >= MB_LEN_MAX) condition is necessary for checking invalid
byte sequences. If malicious input was given, libedit would read
byte sequences forever.
diffstat:
lib/libedit/read.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diffs (30 lines):
diff -r 3a074d5b3856 -r a830e3dadb89 lib/libedit/read.c
--- a/lib/libedit/read.c Sun Nov 25 16:20:28 2018 +0000
+++ b/lib/libedit/read.c Sun Nov 25 16:21:04 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $ */
+/* $NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)read.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $");
+__RCSID("$NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@@ -335,6 +335,11 @@
goto again;
}
case (size_t)-2:
+ if (cbp >= MB_LEN_MAX) {
+ errno = EILSEQ;
+ *cp = L'\0';
+ return -1;
+ }
/* Incomplete sequence, read another byte. */
goto again;
default:
Home |
Main Index |
Thread Index |
Old Index