Prevent out of boundary access

If lines start with '\0' then it is possible to trigger out of
boundary accesses.

Check if indices are valid before accessing them.

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
This commit is contained in:
Samanta Navarro 2023-01-30 11:54:49 +00:00 committed by Serge Hallyn
parent ffc480c2e9
commit 8e0ad48c21
2 changed files with 4 additions and 3 deletions

View File

@ -100,7 +100,7 @@ int login_access (const char *user, const char *from)
int end; int end;
lineno++; lineno++;
end = (int) strlen (line) - 1; end = (int) strlen (line) - 1;
if (line[end] != '\n') { if (line[0] == '\0' || line[end] != '\n') {
SYSLOG ((LOG_ERR, SYSLOG ((LOG_ERR,
"%s: line %d: missing newline or line too long", "%s: line %d: missing newline or line too long",
TABLE, lineno)); TABLE, lineno));
@ -320,7 +320,7 @@ static bool from_match (const char *tok, const char *string)
if (strchr (string, '.') == NULL) { if (strchr (string, '.') == NULL) {
return true; return true;
} }
} else if ( (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */ } else if ( (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */
&& (strncmp (tok, resolve_hostname (string), tok_len) == 0)) { && (strncmp (tok, resolve_hostname (string), tok_len) == 0)) {
return true; return true;
} }

View File

@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id,
while (fgets (temp, sizeof (temp), authfile_fd) != NULL) { while (fgets (temp, sizeof (temp), authfile_fd) != NULL) {
lines++; lines++;
endline = strlen(temp) - 1;
if (temp[endline = strlen (temp) - 1] != '\n') { if (temp[0] == '\0' || temp[endline] != '\n') {
SYSLOG ((LOG_ERR, SYSLOG ((LOG_ERR,
"%s, line %d: line too long or missing newline", "%s, line %d: line too long or missing newline",
SUAUTHFILE, lines)); SUAUTHFILE, lines));