Print this page
5378 CVE-2014-3158 ppp: integer overflow in option parsing
Reviewed by: Robert Mustacchi <rm@joyent.com>

*** 29,39 **** * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ - #pragma ident "%Z%%M% %I% %E% SMI" #define RCSID "$Id: options.c,v 1.74 2000/04/15 01:27:13 masputra Exp $" #include <ctype.h> #include <stdio.h> #include <errno.h> --- 29,38 ----
*** 1313,1325 **** } /* * Store the resulting character for the escape sequence. */ ! if (len < MAXWORDLEN-1) word[len] = value; ++len; if (!got) c = getc(f); continue; --- 1312,1325 ---- } /* * Store the resulting character for the escape sequence. */ ! if (len < MAXWORDLEN) { word[len] = value; ++len; + } if (!got) c = getc(f); continue;
*** 1348,1360 **** } /* * An ordinary character: store it in the word and get another. */ ! if (len < MAXWORDLEN-1) word[len] = c; ++len; c = getc(f); } /* --- 1348,1361 ---- } /* * An ordinary character: store it in the word and get another. */ ! if (len < MAXWORDLEN) { word[len] = c; ++len; + } c = getc(f); } /*