5378 CVE-2014-3158 ppp: integer overflow in option parsing
Reviewed by: Robert Mustacchi <rm@joyent.com>
*** 29,39 ****
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
- #pragma ident "%Z%%M% %I% %E% SMI"
#define RCSID "$Id: options.c,v 1.74 2000/04/15 01:27:13 masputra Exp $"
#include <ctype.h>
#include <stdio.h>
#include <errno.h>
--- 29,38 ----
*** 1313,1325 ****
}
/*
* Store the resulting character for the escape sequence.
*/
! if (len < MAXWORDLEN-1)
word[len] = value;
++len;
if (!got)
c = getc(f);
continue;
--- 1312,1325 ----
}
/*
* Store the resulting character for the escape sequence.
*/
! if (len < MAXWORDLEN) {
word[len] = value;
++len;
+ }
if (!got)
c = getc(f);
continue;
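Review bot: With the bound relaxed to `len < MAXWORDLEN` at the escape-sequence store, a byte can now land in `word[MAXWORDLEN-1]`, so correctness rests on code this hunk does not show: the caller's `word` buffer must hold at least MAXWORDLEN bytes, and whatever follows the loop must clamp `len` before it writes the terminator. Moving `++len` inside the braces is what keeps the counter from growing without limit on an oversized word (the integer overflow named in the commit title, as far as the hunk shows), and that reason is worth recording at the store, for example `/* len saturates at MAXWORDLEN so it can never wrap; the end of the function truncates and NUL-terminates */`. The same comment applies to the ordinary-character store in the next hunk (new lines 1348-1361). The enclosing function starts and ends outside both hunks, so the buffer size and the post-loop handling should be confirmed there.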
*** 1348,1360 ****
}
/*
* An ordinary character: store it in the word and get another.
*/
! if (len < MAXWORDLEN-1)
word[len] = c;
++len;
c = getc(f);
}
/*
--- 1348,1361 ----
}
/*
* An ordinary character: store it in the word and get another.
*/
! if (len < MAXWORDLEN) {
word[len] = c;
++len;
+ }
c = getc(f);
}
/*