[PATCH] don't let a NUL input byte cause memory corruption (line[-1] = 0;)

Jim Meyering meyering at redhat.com
Wed Jun 3 11:15:56 PDT 2009


* services/openaisparser.c (parse_section): Handle the case in which
the first byte on a "line" is the NUL byte.
* services/amfutil.c (amf_config_read): Likewise.
---
 services/amfutil.c       |    6 ++++--
 services/openaisparser.c |    6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/services/amfutil.c b/services/amfutil.c
index 9c899f9..8ebadad 100644
--- a/services/amfutil.c
+++ b/services/amfutil.c
@@ -10,7 +10,7 @@
  * - Refactoring of code into several AMF files
  * - Serializers/deserializers
  *
- * Copyright (c) 2007-2008 Red Hat, Inc.
+ * Copyright (c) 2007-2009 Red Hat, Inc.
  *
  * All rights reserved.
  *
@@ -325,7 +325,9 @@ struct amf_cluster *amf_config_read (char **error_string)
 	while (fgets (buf, 255, fp)) {
 		line_number += 1;
 		line = buf;
-		line[strlen(line) - 1] = '\0';
+		if (strlen(line) > 0) {
+			line[strlen(line) - 1] = '\0';
+		}
 		/*
 		 * Clear out comments and empty lines
 		 */
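Review bot: the guarded line[strlen(line) - 1] = '\0' in amf_config_read still clears the last byte whether or not it is a newline. fgets (buf, 255, fp) returns without a trailing '\n' when a line is longer than the read limit or when the final line of the file has no newline, and in both cases the last real character is dropped. Suggest taking the length once (size_t len = strlen (line);) and stripping only if len > 0 && line[len - 1] == '\n', which also avoids calling strlen twice per line.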
diff --git a/services/openaisparser.c b/services/openaisparser.c
index 7226f1b..50a638e 100644
--- a/services/openaisparser.c
+++ b/services/openaisparser.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006 Red Hat, Inc.
+ * Copyright (c) 2006, 2009 Red Hat, Inc.
  *
  * All rights reserved.
  *
@@ -117,7 +117,9 @@ static int parse_section(FILE *fp,
 	char *loc;

 	while (fgets (line, 255, fp)) {
-		line[strlen(line) - 1] = '\0';
+		if (strlen(line) > 0) {
+			line[strlen(line) - 1] = '\0';
+		}
 		/*
 		 * Clear out white space and tabs
 		 */
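Review bot: in parse_section the new check covers a NUL in the first position only; a NUL later in the line makes strlen stop there, so the assignment clears the character just before the NUL rather than the newline, and the rest of the line is ignored without any diagnostic. Since this is the same three-line guard added to amf_config_read, a small shared helper that clears the last byte only when it is '\n' would fix both places in one spot.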
--
1.6.3.1.333.g3ebba7

