From 1866b95e14a317fed27f9125650760861448afc9 Mon Sep 17 00:00:00 2001
From: Enno Rehling
Date: Sun, 29 Oct 2017 18:03:44 +0100
Subject: [PATCH] BUG 2381: parse_token overrun.
---
 src/util/parser.c | 8 ++++++--
 src/util/parser.test.c | 10 ++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/util/parser.c b/src/util/parser.c
index fca066cb1..46a9d3a28 100644
--- a/src/util/parser.c
+++ b/src/util/parser.c
@@ -177,11 +177,15 @@ char *parse_token(const char **str, char *lbuf, size_t buflen)
 ++ctoken;
 }
 else {
- *cursor++ = *ctoken++;
+ if (cursor - buflen < lbuf - len) {
+ *cursor++ = *ctoken++;
+ }
 }
 }
 else if (utf8_character == SPACE_REPLACEMENT) {
- *cursor++ = ' ';
+ if (cursor - buflen < lbuf - len) {
+ *cursor++ = ' ';
+ }
 ++ctoken;
 }
 else if (utf8_character == ESCAPE_CHAR) {
diff --git a/src/util/parser.test.c b/src/util/parser.test.c
index 942aa1866..7690a01b4 100644
--- a/src/util/parser.test.c
+++ b/src/util/parser.test.c
@@ -28,6 +28,15 @@ static void test_parse_token(CuTest *tc) {
 CuAssertPtrEquals(tc, NULL, (void *)tok);
 }
 
+static void test_parse_token_bug_2381(CuTest *tc) {
+ const char *stok, *s = "Bitte~wechselt~auf~die~trireme~3im9,~sobald~eine~Crew~da~ist,~geht~es~los~:)";
+ char token[64];
+
+ stok = s;
+ stok = parse_token(&stok, token, sizeof(token));
+ CuAssertTrue(tc, strlen(token) < sizeof(token));
+}
+
 static void test_parse_token_limit(CuTest *tc) {
 char lbuf[8];
 const char *tok;
@@ -117,6 +126,7 @@ CuSuite *get_parser_suite(void)
 SUITE_ADD_TEST(suite, test_atoip);
 SUITE_ADD_TEST(suite, test_skip_token);
 SUITE_ADD_TEST(suite, test_parse_token);
+ SUITE_ADD_TEST(suite, test_parse_token_bug_2381);
 SUITE_ADD_TEST(suite, test_parse_token_limit);
 SUITE_ADD_TEST(suite, test_parse_token_limit_utf8);
 SUITE_ADD_TEST(suite, test_gettoken);
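Review bot: In the first guarded branch of `parse_token` the `ctoken++` now sits inside the `if`, so once the buffer is full the input pointer stops advancing there, while the `SPACE_REPLACEMENT` branch still runs `++ctoken;` unconditionally. The loop condition is outside the hunk; unless it also stops on a full buffer, an over-long token that reaches this branch would make no further progress, so I would write `if ((size_t)(cursor - lbuf) + len < buflen) { *cursor++ = *ctoken; }` followed by an unconditional `++ctoken;`. That form of the comparison is algebraically the same bound but avoids forming `cursor - buflen` and `lbuf - len`, which point before the start of `lbuf` and are undefined behaviour in C even when never dereferenced; the same rewrite applies to the space-replacement branch. `len` is declared outside the hunk and is presumably the byte length of the current character, which is worth confirming since both branches write exactly one byte.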
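Review bot: The assertion in `test_parse_token_bug_2381` can only observe a regression by itself reading out of bounds: if `parse_token` overruns or leaves `token` unterminated, `strlen(token)` walks past the 64-byte array, so the failure shows up as undefined behaviour rather than a clean test failure. A guard byte makes the check deterministic: declare `char token[65];`, set `token[64] = 0x7f;`, pass `64` as the buffer length and add `CuAssertIntEquals(tc, 0x7f, token[64]);`. The value assigned back to `stok` is never inspected either; presumably a token is returned for this input, in which case `CuAssertPtrNotNull(tc, stok);` would pin that too.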