12786 fix CTF pointer overrun
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Approved by: Dan McDonald <danmcd@joyent.com>

@@ -131,11 +131,12 @@
                 if (isqualifier(p, (size_t)(q - p)))
                         continue; /* skip qualifier keyword */
 
                 for (lp = fp->ctf_lookups; lp->ctl_prefix != NULL; lp++) {
                         if (lp->ctl_prefix[0] == '\0' ||
-                            strncmp(p, lp->ctl_prefix, (size_t)(q - p)) == 0) {
+                            ((size_t)(q - p) >= lp->ctl_len && strncmp(p,
+                            lp->ctl_prefix, (size_t)(q - p)) == 0)) {
                                 for (p += lp->ctl_len; isspace(*p); p++)
                                         continue; /* skip prefix and next ws */
 
                                 if ((q = strchr(p, '*')) == NULL)
                                         q = end;  /* compare until end */
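Review bot: The new length guard in the `ctl_prefix` comparison has no comment, and its purpose is not obvious from the condition: without it, a token shorter than the prefix compares equal under `strncmp` over `(q - p)` bytes, and `p += lp->ctl_len` then steps past the token. I would add `/* token must be at least ctl_len long, or p += ctl_len runs past it */` above the condition. If `ctl_len` is the string length of `ctl_prefix` (its initialisation is not visible here), the test appears equivalent to `(size_t)(q - p) == lp->ctl_len && strncmp(p, lp->ctl_prefix, lp->ctl_len) == 0`, which states the intent directly and avoids splitting the `strncmp` call across a line break. Separately, if `p` is a plain `char` pointer, `isspace(*p)` on the next line is undefined for negative byte values, and `isspace((unsigned char)*p)` avoids that. The lookup loop and its enclosing function start and end outside the hunk, so the later uses of `p` and `q` were not checked.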