Print this page
7214 make buffer under-read while parsing conditional variables
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Reviewed by: Robert Mustacchi <rm@joyent.com>
@@ -19,10 +19,12 @@
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright 2016 RackTop Systems.
*/
/*
* doname.c
*
@@ -2891,12 +2893,16 @@
conditional = get_prop(conditional->next, conditional_prop)) {
wcb1.init(conditional->body.conditional.target);
pattern = wcb1.get_string();
if (pattern[1] != 0) {
percent = (wchar_t *) wcschr(pattern, (int) percent_char);
+ /* Check for possible buffer under-read */
+ if ((length = wcb.length()-wcslen(percent+1)) <= 0) {
+ continue;
+ }
if (!wcb.equaln(pattern, percent-pattern) ||
- !IS_WEQUAL(wcb.get_string(wcb.length()-wcslen(percent+1)), percent+1)) {
+ !IS_WEQUAL(wcb.get_string(length), percent+1)) {
continue;
}
}
for (previous = &target->prop;
*previous != NULL;