diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-06-20 17:04:59 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-07-08 09:53:02 +0200 |
commit | 852722ecb5dc09fc80cd3c837edb1cf6db529210 (patch) | |
tree | 2501d5f8442f9db69e6f572225b27e8133750547 /src/util | |
parent | be8e3c2eb7619ae1b94fd8941e0f18c8969b2804 (diff) | |
download | sssd-852722ecb5dc09fc80cd3c837edb1cf6db529210.tar.gz sssd-852722ecb5dc09fc80cd3c837edb1cf6db529210.tar.xz sssd-852722ecb5dc09fc80cd3c837edb1cf6db529210.zip |
UTIL: Fix access out of bound in parse_args
While parsing string with multiple whitespaces, it may happen variable i is
zero and we want to test end of argument "tmp[i-1] != '\0'". Side effect of
this bug is duplicite string output array.
Input string: "foo b"
Expected output: { "foo", "a", NULL }
Output: { "foo", "foo", "a", NULL }
This patch uses inverted logic. Instead of testing whether to read next char or
skip multiple whitespaces, we will test whether we have new argument which
should be stored in output array.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/util.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/util/util.c b/src/util/util.c index ad93ca1a0..7f80771ec 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -153,7 +153,8 @@ char **parse_args(const char *str) num = 0; i = 0; e = false; - w = false; + /* skip leading whitespaces */ + w = true; p = str; while (*p) { if (*p == '\\') { @@ -205,19 +206,18 @@ char **parse_args(const char *str) tmp[i] = '\0'; i++; } - if (tmp[i-1] != '\0' || strlen(tmp) == 0) { - /* check next char and skip multiple spaces */ - continue; - } - r = realloc(ret, (num + 2) * sizeof(char *)); - if (!r) goto fail; - ret = r; - ret[num+1] = NULL; - ret[num] = strdup(tmp); - if (!ret[num]) goto fail; - num++; - i = 0; + /* save token to result array */ + if (i > 1 && tmp[i-1] == '\0') { + r = realloc(ret, (num + 2) * sizeof(char *)); + if (!r) goto fail; + ret = r; + ret[num+1] = NULL; + ret[num] = strdup(tmp); + if (!ret[num]) goto fail; + num++; + i = 0; + } } free(tmp); |