top: Check i when setting Curwin in config_file().

Otherwise it leads to out-of-bounds reads (and maybe writes).
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent b45c4803dd
commit bd91bbf7f1


@ -3689,6 +3689,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
if (Rc.id < 'a' || Rc.id > RCF_VERSION_ID) if (Rc.id < 'a' || Rc.id > RCF_VERSION_ID)
return p; return p;
// you saw that, right? (fscanf stickin' it to 'i') // you saw that, right? (fscanf stickin' it to 'i')
if (i < 0 || i >= GROUPSMAX)
return p;
Curwin = &Winstk[i]; Curwin = &Winstk[i];
// this may be ugly, but it keeps us locale independent... // this may be ugly, but it keeps us locale independent...
*delay = (float)tmp_whole + (float)tmp_fract / 1000; *delay = (float)tmp_whole + (float)tmp_fract / 1000;
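Review bot: The new guard validates `i` before `Curwin = &Winstk[i];`, but `tmp_whole` and `tmp_fract`, which appear to come from the same rcfile parse, still reach the `*delay` computation two lines later with no range check in the lines shown. If nothing outside the hunk rejects them, a check such as `if (tmp_whole < 0 || tmp_fract < 0) return p;` next to the new one would keep a negative delay out of the caller. The guard also relies on `Winstk` having exactly `GROUPSMAX` elements, which is declared outside this hunk, so a short comment like `// i is read from the rcfile: bound it before indexing Winstk[]` would record why it is there. It returns the same `p` as the `Rc.id` check just above, so the two rejection causes will presumably be reported identically. The body of `config_file()` starts and ends outside the hunk.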