[PATCH] don't let a NUL input byte cause memory corruption (line[-1] = 0;)
Jim Meyering
meyering at redhat.com
Wed Jun 3 11:15:56 PDT 2009
* services/openaisparser.c (parse_section): Handle the case in which
the first byte on a "line" is the NUL byte.
* services/amfutil.c (amf_config_read): Likewise.
---
services/amfutil.c | 6 ++++--
services/openaisparser.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/services/amfutil.c b/services/amfutil.c
index 9c899f9..8ebadad 100644
--- a/services/amfutil.c
+++ b/services/amfutil.c
@@ -10,7 +10,7 @@
* - Refactoring of code into several AMF files
* - Serializers/deserializers
*
- * Copyright (c) 2007-2008 Red Hat, Inc.
+ * Copyright (c) 2007-2009 Red Hat, Inc.
*
* All rights reserved.
*
@@ -325,7 +325,9 @@ struct amf_cluster *amf_config_read (char **error_string)
while (fgets (buf, 255, fp)) {
line_number += 1;
line = buf;
- line[strlen(line) - 1] = '\0';
+ if (strlen(line) > 0) {
+ line[strlen(line) - 1] = '\0';
+ }
/*
* Clear out comments and empty lines
*/
diff --git a/services/openaisparser.c b/services/openaisparser.c
index 7226f1b..50a638e 100644
--- a/services/openaisparser.c
+++ b/services/openaisparser.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006 Red Hat, Inc.
+ * Copyright (c) 2006, 2009 Red Hat, Inc.
*
* All rights reserved.
*
@@ -117,7 +117,9 @@ static int parse_section(FILE *fp,
char *loc;
while (fgets (line, 255, fp)) {
- line[strlen(line) - 1] = '\0';
+ if (strlen(line) > 0) {
+ line[strlen(line) - 1] = '\0';
+ }
/*
* Clear out white space and tabs
*/
--
1.6.3.1.333.g3ebba7
More information about the Openais
mailing list