illumos-gate Udiff usr/src/cmd/cmd-inet/usr.bin/pppd/options.c

Print this page

5378 CVE-2014-3158 ppp: integer overflow in option parsing
Reviewed by: Robert Mustacchi <rm@joyent.com>

@@ -29,11 +29,10 @@
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-#pragma ident   "%Z%%M% %I%     %E% SMI"
 #define RCSID   "$Id: options.c,v 1.74 2000/04/15 01:27:13 masputra Exp $"
 
 #include <ctype.h>
 #include <stdio.h>
 #include <errno.h>

@@ -1313,13 +1312,14 @@
             }
 
             /*
              * Store the resulting character for the escape sequence.
              */
-            if (len < MAXWORDLEN-1)
+            if (len < MAXWORDLEN) {
                 word[len] = value;
             ++len;
+            }
 
             if (!got)
                 c = getc(f);
             continue;

@@ -1348,13 +1348,14 @@
         }
 
         /*
          * An ordinary character: store it in the word and get another.
          */
-        if (len < MAXWORDLEN-1)
+        if (len < MAXWORDLEN) {
             word[len] = c;
         ++len;
+        }
 
         c = getc(f);
     }
 
     /*